Cybersecurity Engineer

Role Overview

The Cybersecurity Engineer is a senior technical role responsible for implementing and evolving Avertra's IT security framework across our cloud-native infrastructure and application landscape. You will protect the organization's systems, data, and operations while maintaining continuous compliance with industry and regulatory standards.

​Key Responsibilities

Threat Detection & Incident Response

• Conduct continuous network monitoring and intrusion detection using IDS/IPS, SIEM, NAC, HBSS, and vulnerability management tooling.
• Correlate activity across networks, applications, and systems to identify unauthorized access patterns, trends, and emerging attack vectors.
• Triage and document security alerts; produce formal incident reports with actionable remediation steps.
• Research emerging threats and CVEs; assess applicability and risk to the organization.

Vulnerability & Configuration Management

• Plan, execute, and manage enterprise vulnerability scans across cloud infrastructure, containers, and application layers.
• Identify and resolve false positives; perform compensating controls analysis and validate control efficacy.
• Enforce configuration and hardening standards across compute, networking, and application environments.
• Produce vulnerability, configuration, and coverage metrics to demonstrate assessment coverage and remediation effectiveness.

Security Engineering & Controls

• Implement and maintain security controls across cloud infrastructure, identity management, and application layers.
• Integrate security tooling into development and deployment pipelines to enable a secure-by-default engineering culture.
• Recommend and implement security controls and corrective actions to mitigate technical and business risk.
• Develop and enforce security standards across systems, software, and networking components.

Compliance & Governance (SOC 1/2 · PCI DSS)

• Act as the primary point of contact for SOC 1, SOC 2, and PCI DSS audit engagements.
• Design and maintain compliance controls, gather evidence, and drive audit readiness across all trust service criteria.
• Scope and segment the PCI Cardholder Data Environment (CDE) and ensure appropriate network segmentation.
• Manage audit trails, access reviews, change management procedures, and data classification policies.
• Establish and govern the IT risk and compliance framework; manage third-party and vendor risk.
• Recommend improvements to the Information Security Program, reporting findings to the Information Security Officer.

Reporting & Policy

• Generate executive-ready reports on assessment findings and summarize to facilitate remediation across teams.
• Manage and maintain security policies and procedures organization-wide.
• Perform periodic security and compliance-related reviews and audits.