Execute security reviews, audits, and gap assessments across applications, infrastructure, and business processes.
Provide strategic advisory to clients on cybersecurity governance, risk posture, and security program development.
Carry out risk evaluations, threat modeling exercises, and vulnerability analysis to reduce exposure to cyber risks.
Design and recommend client-specific security frameworks, standards, and policies.
Guide organizations through compliance journeys involving ISO 27001, NIST CSF, PCI-DSS, SOC 2, GDPR, HIPAA, or country-specific regulations.
Partner with IT, DevOps, and business leaders to integrate secure design principles into technology architectures.
Assist in deploying security controls including IAM solutions, encryption methods, and monitoring platforms.
Conduct penetration testing, source code reviews, and application security validation.
Support incident handling by preparing response playbooks and advising during active security events.
Lead training initiatives and awareness programs to strengthen security culture across organizations.
Core Technical Expertise (Hard Skills)
Assessment & Testing: Skilled in penetration testing, vulnerability scanning, adversarial simulations (red/blue teams), and tools such as Nessus, Qualys, Burp Suite, Metasploit, and Wireshark.
Infrastructure & Network Security: Knowledge of IDS/IPS, firewalls, WAF, VPNs, load balancers, and endpoint protection.
Cloud Security: Practical experience in AWS, Azure, and GCP security services including IAM, cloud-native security, and compliance configurations.
Application Security: Proficient in secure coding, OWASP Top 10 mitigation, and SAST/DAST tools (Veracode, Checkmarx, SonarQube).
Governance, Risk & Compliance (GRC): Expertise in implementing ISO 27001, NIST CSF, COBIT, SOC 2, PCI-DSS, GDPR, HIPAA frameworks.
Identity & Access Management (IAM): Implementation experience with MFA, SSO, and PAM solutions like CyberArk, Okta, and Azure AD.
Incident Response & Forensics: Hands-on with SIEM (Splunk, QRadar, ELK), SOAR, malware analysis, and forensic investigations.
Data Security & Cryptography: Knowledge of PKI, TLS, encryption methods, tokenization, and key management practices.
Automation & Scripting: Capable of automating audits, reporting, and security workflows using Python, PowerShell, or Bash.
Nice to Have
Security certifications including CISSP, CISM, CISA, CEH, OSCP, CCSP, or ISO 27001 Lead Auditor/Implementer.
Familiarity with Zero Trust models and securing containerized workloads (Docker, Kubernetes).
Exposure to SOC operations and threat intelligence platforms.