Cybersecurity Professional

Cybersecurity Specialist

The Role:

We are seeking a seasoned Cybersecurity Expert to safeguard sensitive data, ensure compliance with regulatory frameworks, and strengthen the security posture of our digital ecosystem.

Key Responsibilities:

• ","
• Create, implement, and maintain enterprise-wide cybersecurity strategies, frameworks, and controls to protect against cyber threats.","
• Monitor, detect, and respond to cyber threats and incidents using SIEM and SOC processes to minimize downtime and data loss.","
• Conduct vulnerability assessments, penetration testing (VAPT), red/blue/purple team exercises to identify and mitigate potential vulnerabilities.","
• Perform digital forensics, root cause analysis, and incident response lifecycle management to ensure prompt resolution of security incidents.","
• Define and enforce policies for data privacy, identity & access management (IAM/PAM), and DLP to protect sensitive data.","
• Secure infrastructure across network, endpoint, application, database, and cloud environments to prevent unauthorized access and data breaches.","
• Implement security controls for cloud (AWS, Azure, GCP), containers (Docker, Kubernetes) to ensure secure deployment and operation of applications.","
• Manage and tune security tools such as firewalls, WAF, IDS/IPS, EDR, SIEM, SOAR, CASB, DDoS protection to ensure optimal security performance.","
• Work with DevOps teams to embed security in CI/CD pipelines (DevSecOps practices) to ensure secure code deployment and testing.","
• Ensure compliance with IRDAI, RBI, GDPR, HIPAA, ISO 27001, NIST, PCI-DSS, SOC2 to maintain high standards of security and regulatory compliance.","
• Conduct third-party/vendor risk assessments and ensure supply chain security to minimize potential security risks.","
• Lead business continuity & disaster recovery (BCP/DR) from a security standpoint to ensure prompt recovery from security incidents.","
• Drive security awareness programs for employees and stakeholders to promote security best practices and culture.","

Required Skills and Qualifications:

Core Security Areas:

• ","
• Network Security: Firewalls, IDS/IPS, VPN, Zero Trust, SD-WAN, NAC to protect network infrastructure and data.","
• Endpoint Security: EDR/XDR solutions (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) to detect and respond to endpoint threats.","
• Application Security: OWASP Top 10, SAST, DAST, RASP, API security to ensure secure coding practices and vulnerability remediation.","
• Cloud Security: CSPM, CWPP, CASB; secure configuration of AWS, Azure, GCP to ensure secure cloud operations.","
• Identity & Access Management: IAM, PAM (CyberArk, Okta, Ping, Azure AD, SailPoint) to manage identities and access rights.","
• Data Protection: DLP solutions, encryption (AES, RSA, TLS, PKI), key management, tokenization to protect sensitive data.","
• Security Operations: SIEM (Splunk, QRadar, ArcSight, ELK), SOAR, threat hunting, SOC operations to monitor and respond to security incidents.","
• Threat & Vulnerability Management: Qualys, Nessus, Rapid7, Burp Suite, Metasploit to identify and remediate potential vulnerabilities.","
• Incident Response & Forensics: EnCase, FTK, Volatility, Wireshark, memory forensics to investigate and respond to security incidents.","
• DevSecOps: Container scanning (Aqua, Twistlock, Snyk), CI/CD pipeline security, IaC scanning to ensure secure code deployment and testing.","
• Governance, Risk & Compliance (GRC): RSA Archer, ServiceNow GRC, ISO/NIST frameworks to maintain high standards of security and regulatory compliance.","

Advanced Areas:

• ","
• Red/Blue/Purple Teaming: Adversary simulation, MITRE ATT&CK framework to enhance threat intelligence and incident response.","
• Malware Analysis: Reverse engineering, sandboxing to analyze and remediate malware threats.","
• Blockchain & IoT Security: Secure protocols, device hardening to secure blockchain and IoT devices.","
• AI/ML Security: Model poisoning, adversarial attacks to detect and prevent AI/ML-based attacks.","
• Threat Intelligence: STIX/TAXII, MISP, integrating CTI feeds to enhance threat intelligence and incident response.","

Required Qualifications:

Bachelor's/Master's in Computer Science, Information Security, or related discipline to demonstrate strong technical knowledge and skills.

Certifications (one or more preferred): CISSP, CISM, CISA, CRISC (Governance & Risk), CEH, OSCP, OSWE, GPEN (Offensive Security), CCSP, CCSK, AZ-500, AWS Security Specialty (Cloud Security), ISO 27001 LA/LI, PCI-DSS, HIPAA, GDPR compliance certifications to demonstrate expertise in specific areas.

Soft Skills:

Excellent analytical, troubleshooting, and documentation skills to resolve complex security issues and communicate effectively.

Strong leadership capability for senior roles (mentoring SOC teams, driving projects) to lead and motivate teams towards security excellence.