Cyber Security Specialist

The Senior Cybersecurity Specialist is responsible for leading the design, implementation, and management of the organization’s cybersecurity strategy, ensuring the confidentiality, integrity, and availability of information systems. This role involves monitoring threats, conducting security assessments, and driving the implementation of advanced security solutions. The Senior Cybersecurity Specialist will also mentor junior team members and collaborate with IT, business, and compliance teams to protect the organization against evolving cyber risks.

• Develop, implement, and continuously improve cybersecurity policies, standards, and procedures.
• Ensure compliance with regulatory requirements, frameworks, and industry best practices (e.g., ISO 27001, NIST, GDPR, PDPA).
• Act as a subject matter expert in risk management and provide recommendations to senior management.

• Lead the detection, investigation, and response to cybersecurity incidents.
• Monitor security events using SIEM tools and threat intelligence platforms.
• Conduct forensic analysis and root-cause investigations after incidents.
• Develop and test incident response and disaster recovery plans.

• Design and implement security architecture for networks, systems, and applications.
• Perform vulnerability assessments, penetration testing, and security reviews.
• Oversee patch management, endpoint security, firewalls, intrusion detection/prevention systems, and cloud security controls.
• Collaborate with DevOps and application teams to integrate security into the software development lifecycle (DevSecOps).

• Identify, assess, and manage cybersecurity risks across the organization.
• Conduct regular audits, risk assessments, and compliance checks.
• Prepare reports and present cybersecurity posture to executive leadership.

• Mentor and guide junior cybersecurity team, fostering skill development.
• Conduct security awareness training for employees to build a culture of cyber resilience.
• Stay updated on emerging threats, tools, and technologies, and evaluate their relevance to the organization.

• Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred).
• 7+ years of hands-on experience in cybersecurity roles, with at least 2–3 years in a senior or lead capacity.
• Professional certifications preferred: CISSP, CISM, CISA, CEH, OSCP, CCSP or equivalent.
• Strong knowledge of security technologies: SIEM, IDS/IPS, firewalls, VPNs, DLP, WAF, EDR, MFA, PKI.
• Experience with cloud security (AWS, Azure, GCP) and DevSecOps practices.
• Familiarity with compliance and regulatory requirements (ISO 27001, NIST, SOC2, PCI DSS, GDPR, PDPA).
• Excellent analytical, problem-solving, and communication skills.