Senior / Lead Information Security Engineer - (IGT1 Lanka: WorkWave)
Copperleaf Technologies
Company Description
About IGT1 Lanka
IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by the three of world’s leading private equity firms; EQT Group, Hg, and TA Associates. We’re also proud to be a sister company of IFS, Sri Lanka’s largest and most established technology company.
At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives.
With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary.
Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives.
About Workwave
WorkWave is a field service management software that provides SaaS solutions for businesses in the service industry (HVAC, Plumbing & Electrical, Cleaning, Lawn & Landscape, Home Delivery, Logistics & Distribution). We empower these businesses to deliver exceptional customer experiences and grow their customer base on our efficient and easy-to-use platform.
WorkWave Team is looking for innovative Information Security Engineers who want to be part of a team of creative and talented individuals. Our teams are a mix of technologists, product managers, development engineers, and UI/UX designers, all working together to deliver our vision. You will be a part of our WorkWave team, helping to develop & support the WorkWave products
Job Description
The ideal candidate will have a strong background in security operations, infrastructure security, risk management, and compliance. This role is crucial in ensuring our systems and data remain secure, compliant, and resilient against threats.
Responsibilities
Architect and enforce robust security frameworks across AWS and Azure platforms.
Manage Cloud Security Posture, ensuring cloud environments are secure and compliant.
Implement and monitor identity and access management solutions in cloud infrastructure.
Implement and configure cloud-based security solutions, including AWS and Azure specific solutions like CloudTrail, GuardDuty, AWS WAF, Azure WAF, etc.
Monitor security tools and review logs for anomalies to detect and respond to threats in a timely manner.
Conduct thorough incident response and forensic analysis.
Provide timely issue resolutions by evaluating, tracking, escalating, managing all requests/problems reported
Take ownership of security incidents, driving swift detection, analysis, containment, and remediation.
Manage and configure SIEM systems (e.g. Splunk) to enhance security posture; monitor, analyze, and visualize security data.
Implement and manage web applications and network firewalls.
Secure on-premises, hybrid, and cloud infrastructures, focusing on system integrity and availability.
Conduct regular network and system security audits.
Design and maintain secure network architectures, implement firewall rules, and safeguard network traffic from malicious actors.
Manage and monitor the company's network security infrastructure, including firewalls,
intrusion detection/prevention systems, cloud gateways, email servers, endpoint protection systems, Extended detection and response (XDR) and VPNs.
Perform Firewall audits and segmentation tests as required by compliance guidelines.
Oversee patch validation and management processes.
Ensure robust identity and access management protocols are in place.
Validate disaster recovery (DR) and business continuity planning (BCP) processes.
Conduct enterprise risk assessments and manage mitigation strategies.
Develop, implement, and maintain cloud security policies and procedures.
Assess and manage vendor compliance and third-party risks.
Conduct privacy management and data protection assessments.
Design and validate secure architecture solutions.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or related field.
Expertise in cloud platforms (AWS, Azure), with relevant certifications (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer, Splunk security admin or equivalent).
4-5 years of experience in information security or a related field.
Hands-on experience with security operations in a complex, dynamic environment.
Proven track record of managing compliance initiatives and security audits.
Experience in developing and implementing security policies and procedures.
Experience in DevSecOps practices and CI/CD pipeline security.
Strong understanding of network security principles, protocols, and technologies (e.g., firewalls, VPNs, IDS/IPS).
Strong understanding of security compliance frameworks (PCI DSS, SOC, ISO, PrivacyShield/Data Privacy Framework).
Proficiency in security tools and technologies, including SIEM, firewalls, IDS/IPS, and endpoint protection.
Experience with threat detection, incident response, and forensic analysis.
Knowledge of cloud security principles and practices, particularly with AWS, Azure, or Google Cloud.
Strong knowledge of network security, system security, and secure architecture design.
Experience with enterprise risk management and vendor compliance assessments.
Excellent communication skills, with the ability to train and raise security awareness among employees.
Strong analytical and problem-solving skills, with the ability to handle complex security incidents.
Additional Information
We believe that coming together as a community, in person, is important for innovation, connection and fostering a sense of belonging. Our roles have the right balance of remote and in-office working to enable flexibility for managing your life along with ensuring a real connection with your colleagues and the broader IFS community.