Position Summary:
• The Cybersecurity Expert will be responsible for implementing, maintaining, and auditing the organization’s information security framework, with a strong focus on ISO/IEC 27001 compliance. This role ensures that the company’s data and systems are secure from threats and that the organization operates within the required legal and regulatory guidelines.
Key Responsibilities:
• Implement and maintain the ISO/IEC 27001 Information Security Management System (ISMS).
• Conduct risk assessments and develop mitigation strategies for cyber threats and vulnerabilities.
• Ensure continuous improvement of information security policies, procedures, and controls.
• Perform internal audits and prepare the organization for external ISO 27001 audits and certifications.
• Manage and resolve cybersecurity incidents, coordinating response plans and investigations.
• Provide guidance on secure development practices and secure system architecture.
• Train employees and departments on information security awareness and best practices.
• Collaborate with IT, legal, and compliance teams to ensure security is embedded across operations.
• Monitor security tools, log data, and system alerts to detect and respond to anomalies.
Penetration Testing
• Conduct application, API, mobile, network, and cloud penetration tests on internal and client systems.
• Simulate real-world attack scenarios to uncover exploitable vulnerabilities.
• Develop custom scripts, payloads, or tools to support advanced testing needs.
• Document findings with clear proof-of-concepts (PoCs) and technical impact analysis.
Vulnerability Assessment & Management
• Perform ongoing vulnerability scanning using industry-standard tools (e.g., Nessus, Qualys, OpenVAS, Burp Suite).
• Analyze scan results, validate findings, and prioritize remediation based on risk levels.
• Track remediation progress and provide guidance to development and DevOps teams.
• Maintain a continuous vulnerability management lifecycle including discovery, analysis, reporting, and verification.
Security Review & Advisory
• Collaborate with software development and DevOps teams to conduct secure code reviews and architecture assessments.
• Provide recommendations for secure design, configuration, and coding practices.
• Support clients by explaining vulnerabilities, associated risks, and mitigation strategies in clear, understandable language.
Monitoring & Threat Intelligence
• Monitor emerging threats, exploits, and security best practices to keep assessment methodologies up to date.
• Integrate threat intelligence into testing strategies to mimic current attacker techniques (TTPs).
Documentation & Reporting
• Prepare detailed penetration test reports, executive summaries, and risk-based recommendations.
• Maintain accurate records of assessments, testing plans, methodologies, and remediation efforts.
• Present findings to both technical and non-technical stakeholders, both internal and external.
Requirements:
• 5+ years of experience in a cybersecurity role, with hands-on ISO 27001 implementation and auditing.
• Certified ISO/IEC 27001 Lead Implementer or Auditor (mandatory).
• Strong understanding of risk assessment, GRC frameworks, and security operations.
• Proficient in tools and technologies such as SIEM, IDS/IPS, vulnerability scanners, and endpoint protection.
• Excellent documentation and reporting skills.
• Bachelor’s degree in Cybersecurity, IT, or a related field; relevant certifications (CISSP, CISA, etc.) preferred.