Senior Security Engineer

What do we do?

As a pioneer for digital transformation, GFT develops sustainable solutions across new technologies – from cloud engineering and artificial intelligence to blockchain/DLT. With its deep technological expertise, strong partnerships, and comprehensive market know-how, GFT offers advice to the financial and insurance sectors, as well as the manufacturing industry. Through the intelligent use of IT solutions, GFT increases productivity and creates added value for clients. Companies gain easy and safe access to scalable IT applications and innovative business models.

Who are we?

Having started in Germany in 1987, GFT Technologies has grown to become a trusted Software Engineering and Consulting specialist for the international financial industry, counting many of the world’s largest and best-known banks as our clients. We are an organization that empowers you to not only explore but raise your potential and seek out opportunities that add value. At GFT, diversity, equality, and inclusion are at the core of who we are. Ensuring a diverse and inclusive working environment for all communities is one of the main pillars of our diversity strategy, based on our core values and culture. We have been certified for 2022/23 as a ‘Great Place to Work’ in the APAC region. So, if you want to have the opportunity to work with an outstanding and progressive organization, this position could be right for you.

Role Summary

We are seeking an experienced and passionate Senior Security Engineer to join our team. This role focuses on designing, implementing, and maintaining robust security architectures, risk assessments, and cybersecurity standards to protect IT systems and cloud services. The Senior Security Engineer will collaborate closely with IT teams to ensure compliance with best security practices and strengthen the organization’s overall cyber resilience.

Key Responsibilities

• Design IT security architecture, minimum controls, and countermeasures for new and existing IT systems.
• Advise on embedding security principles into technical solutions and develop reusable security architecture patterns.
• Conduct risk assessments and evaluations, enabling IT stakeholders to make informed decisions on IT security posture.
• Develop cybersecurity standards for Azure cloud services.
• Provide technical advisory to IT teams, ensuring alignment with best security practices.
• Support IT teams in implementing security requirements and adopting security best practices.
• Contribute to proof-of-concepts on cybersecurity solutions to enhance cyber resilience.
• Research emerging security threats, including those related to Azure cloud, and provide solutions or workarounds to mitigate risks.

Required Skills

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Minimum 5–8 years of experience in IT, with at least 1 year of experience in IT Security.
• Strong understanding of essential security concepts, including:
  • CIA triad (Confidentiality, Integrity, Availability).
  • Separation of duties, least privilege, need-to-know, defense-in-depth, open design.
  • Authentication (AuthN) and authorization (AuthZ).
  • Data security at rest and in transit.
• Basic architectural knowledge of Azure cloud services and security concepts.
• Familiarity with authentication protocols (OAuth, SAML, Basic Auth) and API security best practices.
• Understanding of key security domains, including:
  • Risk management, security architecture, identity and access management (IAM), security assessment & testing.
  • Communications and network security.
• Basic or theoretical knowledge of at least one security solution:
  • SIEM/SOAR, DLP, IAM, EDR/XDR, PAM.
  • Hands-on experience with any of these would be an advantage.
• Strong understanding of cryptography primitives and key management best practices.
• Ability to manage multiple tasks simultaneously and work efficiently under pressure.
• Strong English communication skills (B2+ level in written and verbal communication).

Preferred Qualifications

• Hands-on experience with Azure security solutions and cloud security tools.
• Familiarity with Infrastructure as Code (IaC) tools such as Terraform for security automation.
• Experience with container security and Azure Kubernetes Service (AKS) security best practices.
• Knowledge of threat modeling and penetration testing methodologies.
• Experience with security compliance frameworks (ISO 27001, NIST, CIS Benchmarks).
• Certifications such as CISSP, CISM, CCSP, or AZ-500 (Microsoft Azure Security Engineer).