Conduct security assessments, audits, and gap analysis across infrastructure, applications, and processes.
Advise clients on cybersecurity strategy, governance, and best practices.
Perform risk assessments, threat modeling, and vulnerability management to identify and mitigate security risks.
Develop and recommend security policies, standards, and frameworks tailored to client needs.
Support clients in achieving and maintaining compliance with ISO 27001, NIST, PCI-DSS, GDPR, HIPAA, or local regulations.
Collaborate with IT, DevOps, and business stakeholders to integrate security into architecture and design.
Assist in the design and implementation of security controls, IAM, encryption, and monitoring systems.
Conduct penetration testing, code reviews, and application security assessments.
Provide incident response planning and advisory services during security events or breaches.
Deliver security awareness training and build a culture of cyber resilience.
Required Technical Skills (Hard Skills)
Security Assessments & Testing: Expertise in penetration testing, vulnerability assessments, red/blue teaming, and use of tools like Nessus, Qualys, Burp Suite, Metasploit, Wireshark.
Network & Infrastructure Security: Knowledge of firewalls, IDS/IPS, VPN, WAF, load balancers, and endpoint protection tools.
Cloud Security: Hands-on experience with AWS, Azure, GCP security configurations, identity management, and cloud-native security tools.
Application Security: Familiarity with OWASP Top 10, secure coding practices, SAST/DAST tools (SonarQube, Veracode, Checkmarx).
Governance, Risk & Compliance (GRC): Strong knowledge of frameworks like ISO 27001, NIST CSF, COBIT, SOC 2, PCI-DSS, GDPR, HIPAA.