Contribute to the delivery of security risk assessments across diverse environments such as on-premises infrastructure, cloud platforms, DevOps pipelines, IoT, and third-party systems.
Support vulnerability assessments by analyzing results, documenting gaps, and recommending remediation actions.
Assist in reviewing and improving security policies, standards, and procedures to align with industry practices and regulatory obligations.
Take part in application security initiatives including secure code review, threat modeling, and assessments of CI/CD pipelines.
Help perform cloud security reviews, covering configurations, access controls, and data protection across public and hybrid cloud environments.
Participate in System Security Acceptance Testing (SSAT), executing test cases, evaluating outcomes, and reporting findings.
Prepare documentation of assessment results, contribute to risk reports, and update security risk registers as needed.
Work closely with colleagues to support security assessments, design evaluations, and compliance reviews.
Handle assigned tasks and ad-hoc activities to ensure the successful completion of projects and client deliverables.
Requirements:
Degree in Computer Science, Information Technology, Cybersecurity, or a related discipline (preferred).
Professional certifications such as CISSP, CISM, CISA, or equivalent are advantageous.
35 years of experience in cybersecurity consulting with a strong background in risk assessments, application security, and cloud security.
Practical experience in securing cloud platforms (e.g., AWS, Azure, GCP) with knowledge of identifying and mitigating risks in cloud-based systems.
Solid understanding of risk assessment and threat modeling methodologies such as STRIDE or PASTA.
Familiarity with standards and regulatory frameworks including ISO 27001, NIST, etc.
Strong organizational and project management skills with the ability to balance multiple priorities.
Excellent analytical and problem-solving abilities, capable of strategic thinking while executing tactically.
Strong verbal and written communication skills, able to simplify technical information for business stakeholders.
Demonstrated ability to manage relationships effectively and deliver high-quality service.
