Data Security Engineer

Reporting to the Global Head of Security Architecture & Engineering, and partnering with the broader Digital Business Solutions (DBS) organization, you will be responsible for the definition and maintenance of a comprehensive set of Security Solutions for Data Security, to enable the CyberSecurity organization to achieve best-in-class protection. 

The Data Security Engineer will play a pivotal role in defining, implementing, and managing data security practices to protect sensitive information across the organization. This role involves working closely with application owners and the application security team to identify data types, classify data, and ensure compliance with data protection policies. The engineer will leverage tools like Microsoft Purview and Imperva to enhance visibility, governance, and security of data across the organization.

You will team up with teammates and partners to deliver new solutions that align with the growth strategy of the BAT business. As well as maintaining/evolving existing ones in close collaboration with the colleagues in the Architecture & Engineering team to build a cohesive level protection across Security Domains and IT platforms. 

Your key responsibilities will include:

• Delivers security engineering tasks for Data Security solutions 
• Establishes standards and guidelines, communicating these to all stakeholders to ensure consistency as well as compliance. 
• Work DBS application teams to onboard their platforms  into the Data Security solutions 
• Collaborates closely with the vendors that provide solutions for Data Security to BAT (both directly/indirectly) 
• Problem-solve, involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex issues.  
• Strives for continuous improvements, while finetuning the configurations and automating repeatable tasks. 
• Proactively researches, monitors, learns, and assesses industry/technology advancements. 
• Recommend and plan use of new features and functionality to improve overall system performance, security and availability as well as business productivity. 

What are we looking for?

• Data Security & Compliance: Strong understanding of data protection regulations (GDPR, HIPAA, CCPA) and experience implementing security solutions like encryption, access controls, DLP tools, and database security.
• Application & Network Security: Experience in designing and securing applications, implementing secure coding practices, performing threat modeling, penetration testing, and ensuring secure network design with firewalls, VPNs, and security monitoring tools.
• Security Testing & Vulnerability Management: Hands-on experience with security assessments, static and dynamic application security testing (SAST, DAST), vulnerability management, and security patching.
• Incident Response & Risk Management: Expertise in handling security incidents, identifying root causes, mitigating risks, and implementing security monitoring through SIEM solutions and log analysis.
• Access Control & Authorization: Proficiency in implementing access control mechanisms, managing authentication/authorization systems, privilege management, and database security hardening.
• Cloud & Mobile Security: Understanding of cloud security standard methodologies for Azure and AWS, securing cloud-based data, mobile security principles, secure app development, and mobile device management (MDM).
• Data Governance & Classification: Experience implementing data classification schemes, enforcing governance policies, and ensuring data protection through encryption, tokenization, and compliance frameworks.
• Security Tools & Automation: Hands-on experience with Microsoft Purview, DLP tools, SIEM solutions, security testing tools (SAST, DAST), and automation for security monitoring and vulnerability detection.

Beneficial

• Certified Information Systems Security Professional (CISSP)
• Scaled Agile Framework (SAFe 5 or higher)