Insighture is a leading technology consultancy that drives digital transformation for businesses worldwide. With a team of over 85 expert consultants, the company delivers tailored, high-impact strategies and solutions, enabling scalable product engineering. As an AWS partner, Insighture excels in co-integrated cloud services. It has collaborated with more than 50 clients globally, guiding them through cloud adoption, DevOps transformation, enterprise modernisation, and more.
The team’s expertise spans Cloud-Native Development, Solutions Architecture, UI/UX, Quality Engineering, Data Engineering, AI/ML, and DevSecOps. These capabilities empower businesses to achieve impactful and innovative outcomes.
In 2024, Insighture achieved ISO certification and was recognised as a Great Place to Work, earning three prestigious awards: Best Workplace in Sri Lanka, Best Workplace for Technology, and Best Workplace for Young People. Insighture's technology and expertise are embedded in the work of internationally recognised care providers, global freight operations, child protection systems, and health tech platforms across Australia, the UK, and Singapore.
We are seeking a hands-on Cyber Security Engineer to support security assessments, triage penetration test findings, and drive remediation across enterprise environments. The engineer will work closely with architects, SOC, and platform teams to translate security findings into actionable fixes, validate control effectiveness, and support audit-ready outcomes in regulated environments.
Responsibilities:
- Support NIST CSF / NIST 800 (800-53, 800-61, 800-92) assessments including evidence collection, gap analysis, and control mapping.
- Assist in preparing control summaries, tool mappings, and audit evidence packs.
- Track security gaps, risks, and remediation activities aligned to timelines.
- Triage and analyse penetration test findings across application, infrastructure, and network layers.
- Validate findings, prioritise remediation, and support closure.
- Execute remediation including configuration hardening, policy tuning, and control improvements.
- Provide hands-on support across endpoint, infrastructure, and vulnerability management.
- Perform baseline hardening, health checks, and validate fixes post-remediation.
- Support network and security controls (Cisco, Imperva, Microsoft) including firewall rule reviews and clean-ups.
- Assist with remediation of network-related vulnerabilities and ensure secure-by-design alignment.
- Support SIEM platforms (Splunk, Sentinel) including log validation and detection coverage checks.
- Work with SOC teams to support investigations and validate telemetry from remediated controls.
- Maintain documentation for remediation, control changes, and audit evidence.
- Participate in incident reviews (P1/P2) and root cause analysis.
- Follow structured change processes (CAB, validation, rollback).
Requirements:
- 3–5 years’ experience in Cyber Security Engineering / SecOps / Blue Team roles.
- Exposure to NIST CSF or NIST 800 frameworks.
- Hands-on experience in vulnerability management, endpoint, infrastructure, and network security.
- Experience with penetration testing findings and remediation tracking.
- Familiarity with SIEM tools (Splunk and/or Microsoft Sentinel).
- Exposure to Cisco, Imperva, and Microsoft security platforms.
- Strong documentation and audit-focused mindset.
- Ability to work with cross-functional teams in regulated environments.