Senior Security Engineer
Pakistan
South Africa
Sri Lanka
Job Description
About GXA IT Consulting: GXA is a premier, internationally recognized managed service provider (MSP), cybersecurity pioneer, and enterprise cloud infrastructure innovator on an absolute mission to protect multi-tenant business environments against modern digital threats. Through our state-of-the-art gShield security ecosystem, we deliver unified threat visibility, proactive vulnerability management, and elite defensive engineering to businesses across global landscapes. Partnering peer-to-peer with Virtual Chief Information Security Officers (vCISOs) and dedicated Security Operations Centers (SOCs), GXA couples rapid execution speed with meticulous technical discipline. The studio provides high-agency security engineers with an uncompromised remote canvas to hunt active adversaries, develop custom detection signatures, and enforce robust zero-trust access controls safely worldwide.
Position Overview
We are seeking a highly analytical, systems-minded Senior Security Engineer to join our core centralized Security division in a full-time remote contract capacity across Pakistan, South Africa, and Sri Lanka. Operating as a critical Tier 3 escalation anchor for live, high-stakes security incidents, you will take individual operational and technical accountability for defending our multi-client platform infrastructure. Shifting completely away from routine administrative compliance auditing or passive checklist monitoring, you will act as a principal defensive architect inside the gShield stack. You will run complex war-room environments, execute technical log reviews, and design automated threat containment mechanisms. This position requires an InfoSec veteran with 5 to 7 plus years of dedicated security history who traces malicious lateral movement fluently, tunes SIEM rules using relational query schemas, and writes secure scripts using RMM automation parameters.
Key Responsibilities
- Tier 3 Active Incident Triage: Lead technical analysis and remediation during live security events, war-room escalations, and complex network breaches, including mitigating business email compromise (BEC), adversary-in-the-middle (AiTM) vectors, ransomware, and identity takeovers using cybersecurity frameworks.
- Adversarial Threat Hunting and Containment: Conduct rapid, high-discipline eradication actions during active threats, managing remote endpoint isolation, active session revocations, and force-multiplier credential resets across compromised domains.
- SIEM Logic Tuning and Query Engineering: Build, monitor, and optimize highly performant security event tracking dashboards, developing advanced SIEM queries, custom detection definitions, and alert rules to systematically eliminate control weaknesses.
- gShield Toolstack Infrastructure Governance: Manage daily operations, risk analysis, and alert routing configurations across core security technologies (including Huntress, Microsoft Defender for Endpoint, Cyrisma, and DNSFilter).
- Vulnerability Remediation Execution: Translate complex vulnerability assessments, scan reviews, and vCISO strategic recommendations into direct, thoroughly validated technical remediation code blocks across managed customer endpoints.
- Internal Security Posture Hardening: Drive internal engineering security backlogs, managing the global rollout of phishing-resistant multi-factor authentication (MFA), passkey frameworks, and secure configuration profiles via Microsoft Intune.
- Automated Scripting and Controls Enforcement: Write high-quality, maintainable automation scripts and technical enforcement mechanisms, applying automation engineering principles across ThreatLocker, AppLocker, and RMM tools.
- Technical Documentation and Playbook Creation: Write and preserve actionable security engineering Standard Operating Procedures (SOPs), incident timelines, threat intelligence evidence packages, and clear detection playbooks for upstream review.
Required Skills & Qualifications
- 5 to 7 plus years of verified professional history running advanced security operations center (SOC) triage, digital forensics and incident response (DFIR), enterprise network security engineering, or infrastructure defense consulting.
- Deep, authoritative technical command of common attack lifecycles, Windows logging subsystems, identity-based exploit strings, network sniffing patterns, and lateral movement methodologies.
- Expert-tier capability tracing adversarial behaviors, parsing cloud transaction trails, and implementing zero-trust network boundaries using cybersecurity analytical suites.
- Practical operational familiarity writing custom rule definitions, configuring endpoint policies, and designing automated platform defenses using automation engineering tooling (specifically within Microsoft Defender, Intune, or ThreatLocker).
- Demonstrated experience successfully operating within multi-tenant managed service provider (MSP) or managed security service provider (MSSP) environments.
- Outstanding verbal, written, and document communication attributes in business-fluent English, allowing absolute calm, clarity, and structural communication during active high-pressure security incidents.
- Location Context: Position open exclusively to qualified technical security professionals based permanently and resident within **Pakistan**, **South Africa**, or **Sri Lanka** to operate under a 100% remote layout.
Preferred Strategic Indicators (Nice to Have)
- Prior commercial infrastructure security history operating explicitly within financial technology frameworks, crypto/web3 transactional platforms, or heavily regulated cloud SaaS databases.
- Possession of industry-recognized technical cybersecurity certifications (such as CompTIA Security+, CySA+, Microsoft SC-200 / SC-300 / AZ-500, SANS GCIH, or GCIA tracks).
- Familiarity with Center for Internet Security (CIS) benchmarks, security hardening standards, and continuous configuration drift monitoring frameworks.
- An outcome-driven personal philosophy rooted in high technical discipline, a passion for outsmarting persistent threat actors, and a relentless commitment to operational excellence under uncertainty.
What We Offer
- Experience-Calibrated International Contracting Blueprint: A highly competitive full-time baseline contractor compensation structure, tailored precisely to evaluate your incident response authority, log forensics speed, and script automation crafts.
- The opportunity to directly lead, shape, and engineer the defensive barriers that underpin operational security for a growing MSP client network.
- Profound work-from-home remote parameters offering an elite virtual workspace setting, complete scheduling trust, and zero physical geographic office commuting friction out of any city across Pakistan, South Africa, or Sri Lanka.
- Access to elite cross-functional technical exposure, working alongside vCISOs, systems architects, and internal technical leaders inside an incredibly collaborative, delivery-focused digital workspace culture.