Senior Cyber Security Specialist

5 - 7 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Job Summary

We are seeking a highly skilled and self-motivated Senior Cyber Security Specialist to take full ownership of our organization's security and compliance posture. The ideal candidate will be an expert in implementing and managing security frameworks like ISO 27001 and will possess deep, hands-on expertise in application security.

This role is critical to protecting our corporate infrastructure and our in-house software applications. You will be responsible for everything from policy implementation and compliance audits to performing advanced, manual penetration testing. This is an individual contributor role with a high degree of autonomy and responsibility, perfect for a proactive security professional looking to make a significant impact.


Key Responsibilities

1. Governance, Risk, and Compliance (GRC):

• Lead the implementation, management, and continuous improvement of our Information Security Management System (ISMS) in alignment with ISO 27001 standards.

• Develop, review, and enforce information security policies, procedures, and standards across the organization.

• Conduct internal security audits and risk assessments to identify vulnerabilities and ensure compliance with regulatory and client requirements.

• Act as the primary point of contact for external audits (e.g., ISO 27001, SOC 2, GDPR) and manage the remediation of any findings.

2. Application & Software Security:

• Perform comprehensive Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, APIs, and network infrastructure.

• Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), with a strong emphasis on manual testing techniques to identify vulnerabilities beyond the scope of automated tools.

• Integrate security practices into the Software Development Lifecycle (SDLC), working closely with development teams to implement secure coding standards (OWASP Top 10) and conduct code reviews.

• Manage and configure security tools such as Web Application Firewalls (WAF), SAST/DAST scanners, and vulnerability management platforms.

3. Data Security & Security Operations:

• Design and implement data security controls, including data classification, encryption, and Data Loss Prevention (DLP) strategies.

• Monitor security alerts, manage security incidents, and lead the incident response process from detection to resolution and post-mortem analysis.

• Stay current with the latest cybersecurity threats, vulnerabilities, and industry best practices to ensure the organization's security posture is proactive and robust.

4. Reporting & Strategy:

• Provide regular reports to senior management on the state of information security, including metrics on vulnerabilities, incidents, and compliance status.

• Contribute to the overall security strategy and roadmap for the organization.


Required Skills & Qualifications

• Experience: 5-7 years of dedicated experience in a Cyber Security role.

• Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

• ISO/ISMS Expertise: Proven, hands-on experience in implementing an ISO 27001 certified ISMS from the ground up. Must demonstrate a deep understanding of the standard controls and audit processes.

• VAPT Proficiency: Demonstrable ability to perform manual and tool-assisted VAPT. Must be able to identify complex vulnerabilities like business logic flaws, race conditions, and advanced injection attacks without relying solely on scanners.

• Application Security: Expert knowledge of SAST and DAST principles and practices. Hands-on experience with tools such as Burp Suite Pro, OWASP ZAP, Nessus, SonarQube, Checkmarx, or similar.

• Technical Acumen:

o Strong understanding of OWASP Top 10 and SANS Top 25 vulnerabilities.

o Solid knowledge of network protocols, firewalls, and intrusion detection/prevention systems (IDS/IPS).

o Experience with cloud security principles (AWS, Azure, or GCP).

o Proficiency in scripting languages (e.g., Python, Bash) for security automation.

• Compliance Knowledge: Familiarity with other compliance frameworks such as SOC 2, GDPR, CCPA, or HIPAA.

• Soft Skills:

o Exceptional analytical and problem-solving skills.

o Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.

o High degree of self-motivation, integrity, and ability to work independently with minimal supervision.

Preferred Qualifications

• Industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), or OSCP (Offensive Security Certified Professional).

• Experience in securing CI/CD pipelines (DevSecOps).

• Experience with threat modeling frameworks like STRIDE.
