Full Time
Avertra
Jordan, Amman

Job Details

Job description

Role Overview

The Cybersecurity Engineer is a senior technical role responsible for implementing and evolving Avertra's IT security framework across our cloud-native infrastructure and application landscape. You will protect the organization's systems, data, and operations while maintaining continuous compliance with industry and regulatory standards.


Key Responsibilities

Threat Detection & Incident Response

  • Conduct continuous network monitoring and intrusion detection using IDS/IPS, SIEM, NAC, HBSS, and vulnerability management tooling.
  • Correlate activity across networks, applications, and systems to identify unauthorized access patterns, trends, and emerging attack vectors.
  • Triage and document security alerts; produce formal incident reports with actionable remediation steps.
  • Research emerging threats and CVEs; assess applicability and risk to the organization.

Vulnerability & Configuration Management

  • Plan, execute, and manage enterprise vulnerability scans across cloud infrastructure, containers, and application layers.
  • Identify and resolve false positives; perform compensating controls analysis and validate control efficacy.
  • Enforce configuration and hardening standards across compute, networking, and application environments.
  • Produce vulnerability, configuration, and coverage metrics to demonstrate assessment coverage and remediation effectiveness.

Security Engineering & Controls

  • Implement and maintain security controls across cloud infrastructure, identity management, and application layers.
  • Integrate security tooling into development and deployment pipelines to enable a secure-by-default engineering culture.
  • Recommend and implement security controls and corrective actions to mitigate technical and business risk.
  • Develop and enforce security standards across systems, software, and networking components.

Compliance & Governance (SOC 1/2 · PCI DSS)

  • Act as the primary point of contact for SOC 1, SOC 2, and PCI DSS audit engagements.
  • Design and maintain compliance controls, gather evidence, and drive audit readiness across all trust service criteria.
  • Scope and segment the PCI Cardholder Data Environment (CDE) and ensure appropriate network segmentation.
  • Manage audit trails, access reviews, change management procedures, and data classification policies.
  • Establish and govern the IT risk and compliance framework; manage third-party and vendor risk.
  • Recommend improvements to the Information Security Program, reporting findings to the Information Security Officer.

Reporting & Policy

  • Generate executive-ready reports on assessment findings and summarize them to facilitate remediation across teams.
  • Manage and maintain security policies and procedures organization-wide.
  • Perform periodic security and compliance-related reviews and audits.


Skills

Experience & Education

  • 5–8 years of experience in IT Security, Controls, or Auditing
  • Bachelor's degree in Computer Science, Information Technology, or a related field

Technical Skills

  • Threat analysis: malicious activity identification, TTPs, attacker behavior analysis
  • Network & protocol security: TCP/IP, UDP, IPSEC, HTTP/S, DNS, TLS — vulnerabilities and remediation
  • Security engineering: cryptography, authentication protocols, PKI, application and API security
  • Cloud security: Azure Defender, Entra ID / RBAC, Private Endpoints, WAF, DDoS Protection, Key Vault
  • Container & Kubernetes security: image scanning, RBAC, Pod Security Standards, network policies, runtime protection
  • DevSecOps: CI/CD pipeline security integration, IaC scanning, secrets scanning and management
  • SIEM & monitoring: Azure Sentinel or equivalent — alert tuning, playbooks, log aggregation
  • Application security: OWASP Top 10, SAST/DAST tooling (Snyk, SonarQube, OWASP ZAP), dependency and supply-chain security
  • Compliance tooling: SOC 2 evidence management platforms, PCI DSS scoping and controls

Professional Skills

  • Strong analytical and risk-based decision-making capability
  • Ability to translate technical risk into business language for executives and auditors
  • Influencing skills — ability to drive a secure-by-default culture across engineering and operations teams
  • Excellent written and spoken English; skilled at producing clear technical documentation and reports
  • Customer-focused mindset with a commitment to high-quality, timely outcomes
  • Proficient with Microsoft Office (Word, Excel, PowerPoint)
  • Strong multi-tasking and remote collaboration capabilities

Work Details

  • Schedule: Monday – Friday, 10:00 AM – 7:00 PM (or as agreed with supervisor - will be hybrid based on demand)
  • Travel: Up to 15%

Preferred Certifications

  • ISO/IEC 27001 Lead Implementer or Auditor
  • Certified Ethical Hacker (CEH) or OSCP
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • CISSP, CISM, or CompTIA Security+
  • PCI Internal Security Assessor (ISA) or PCIP
  • Experience with GRC/continuous compliance platforms (Vanta, Drata, Tugboat Logic)

