Cyber Security Specialist (Perm) (ID: 659822)

Role Overview:

The role involves safeguarding systems, applications, and infrastructure through proactive vulnerability management, the application of security controls, secure development practices, incident response, and continuous threat monitoring. You will collaborate with both internal teams and external service providers to enhance the cybersecurity posture and align with best practices and industry standards.

Key Responsibilities:

Vulnerability Management & Assessment:

1. Evaluate the cybersecurity aspects of design proposals across various systems, applications, and infrastructure.
2. Source, manage, and oversee external vendors conducting annual vulnerability assessments and penetration tests.
3. Review assessment reports and recommend remediation actions for identified weaknesses.

Implementation of Security Controls:

1. Recommend and implement security controls based on industry best practices, standards, and guidelines (e.g., OWASP Top 10, NIST, CIS).
2. Contribute to the development and maintenance of security policies, procedures, configurations, and standards aligned with ISO 27001.
3. Participate in internal audits and reviews to ensure the effectiveness of the ISMS and security controls.

Secure Development Practices:

1. Integrate secure coding practices and OWASP Top 10 recommendations throughout the software development lifecycle (SDLC).
2. Collaborate with developers to identify and address security vulnerabilities during design and coding phases.

Incident Response & Recovery:

1. Monitor logs for signs of malicious activity and potential data breaches.
2. Coordinate with contractors, security vendors, and internal teams to manage incidents, identify root causes, and implement recovery procedures.

Continuous Learning & Threat Awareness:

1. Stay informed on the latest cybersecurity threats, vulnerabilities, mitigation techniques, and emerging technologies.
2. Attend training, read industry publications, and participate in conferences as needed to maintain up-to-date knowledge.

Collaboration & Security Awareness:

1. Work closely with security professionals and the governance team to educate colleagues on security best practices and raise awareness about potential threats.

Qualifications:

Educational Background:

1. Degree in Information Systems/Technology, Computer Engineering, Computer Science, Information and Communications Technology (ICT), or a related field.

Certifications:

1. Preferred certifications: CISSP, CISA, CISM, CompTIA Security+, or equivalent.

Experience & Skills:

1. Strong understanding of cybersecurity principles and best practices, with at least 5 years of relevant experience managing contractors and designing cybersecurity solutions.
2. Experience in drafting tender specifications for vulnerability assessments, penetration testing, and creating SOPs for incident response.
3. Proficiency with security tools, log extraction techniques, and related technologies.