Senior Security Engineer

ΤHEON GROUP of companies develops and manufactures cutting-edge night vision and thermal Imaging systems for Military and Security applications with a global footprint. THEON GROUP started its operations in 1997 from Greece and today occupies a leading role in the sector thanks to its international presence through subsidiaries and production facilities in Greece, Cyprus, Germany, the Baltics, the United States, the Gulf States, Switzerland, Denmark, Belgium, Singapore and South Korea. THEON GROUP has more than 240,000 systems in service with Armed and Special Forces in 71 countries around the world, 26 of which are NATO countries. THEON INTERNATIONAL PLC, the group's parent company, has been listed in the EURONEXT stock market, allowing THEON GROUP to accelerate its growth and further future business development. www.theon.com

Role Summary

We are looking for a Senior Security Engineer with demonstrated expertise across enterprise security engineering, Microsoft Azure and on-premises infrastructure protection, incident response, and compliance frameworks including ISO 27001:2022 and CMMC. This role requires hands-on technical execution alongside architectural oversight — you will design and operate security controls, drive threat detection capabilities, and own compliance program delivery end-to-end. Security operations must align with NATO cybersecurity standards and requirements.

Key Responsibilities

• Security Engineering & Architecture
  
  

Design and operationalize enterprise security controls spanning network, endpoint, cloud, and application layers. Lead security architecture reviews for new systems and infrastructure. Implement Zero Trust architectures, network segmentation, IAM, MFA, and least-privilege access models across Microsoft Azure and on-premises/local resource environments. Ensure security configurations align with NATO security standards and requirements.

• Threat Detection & Incident Response
  
  

Develop and tune SIEM detection logic, correlation rules, and alerting pipelines. Lead investigation and containment of security incidents including phishing, malware, unauthorized access, and data exfiltration. Own post-incident reviews, root cause analysis, and remediation tracking. Perform digital forensics as required.

• Vulnerability Management
  
  

Operate vulnerability scanning programs using tools such as Nessus, Qualys, or Tenable. Conduct risk assessments, prioritize findings by exploitability and business impact, and drive remediation with IT and DevOps teams. Track patching cadence and configuration hardening progress.

• DevSecOps & Automation
  
  

Integrate security controls into CI/CD pipelines. Develop automation using Python, Bash, PowerShell, or Terraform for security operations, alerting, and remediation workflows. Implement secrets management, SAST/DAST scanning, and container security controls.

• CMMC & ISO 27001:2022 Compliance
  
  

Lead implementation and operational alignment with ISO 27001:2022, including Annex A control mapping, ISMS policy and procedure ownership, internal and external audit coordination, and management reviews. Support CMMC assessment readiness, including control gap analysis, evidence collection, corrective action tracking, and continuous improvement activities. Ensure ongoing compliance with applicable regulatory, contractual, NATO, and customer cybersecurity requirements.

• Technical Leadership
  
  

Mentor junior engineers and analysts. Provide technical leadership across security projects and incident response efforts. Collaborate cross-functionally with Engineering, IT, Product, and Leadership on security-by-design initiatives. Work closely with IT and external consultants to achieve security targets and program objectives.

Required Qualifications

• 5+ years in cybersecurity engineering or security operations roles
• Strong proficiency in network security fundamentals: firewalls, IDS/IPS, VPN, DNS, TCP/IP
• Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, QRadar, or Elastic)
• Deep knowledge of Windows, Linux, Active Directory, Microsoft Azure, and local on-premises infrastructure security
• Practical experience with vulnerability management tools (Nessus, Qualys, or Tenable)
• Demonstrated experience implementing or auditing ISO 27001 ISMS frameworks
• Working knowledge of CMMC or equivalent cybersecurity maturity frameworks
• Familiarity with NATO cybersecurity standards and information security requirements
• Scripting proficiency in Python, PowerShell, or Bash
• Experience with IAM, MFA, SSO, and RBAC implementations
• Strong analytical reasoning and documented written communication skills