Senior Cybersecurity Specialist

Flat Rock
Full-time
On-site
Colombo, Sri Lanka
Main responsibilities
  • Regularly assess and review existing processes, tools, and systems to identify security vulnerabilities and recommend improvements.
  • Develop and implement best practices for maintaining the organization’s cybersecurity infrastructure.
  • Collaborate with software development teams to ensure secure coding practices are adhered to during all stages of the development lifecycle.
  • Conduct risk assessments and threat modelling exercises.
  • Develop and maintain cybersecurity policies, standards, and documentation.
  • Provide penetration testing, vulnerability assessments, and security audits for client applications, networks, and systems.
  • Deliver detailed reports outlining findings, risks, and recommendations to clients.
  • Work with clients to design and implement robust security solutions tailored to their needs.
  • Stay up-to-date on emerging threats and communicate relevant findings and trends to clients and internal stakeholders.
Requirements
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
  • 3+ years of proven experience in cybersecurity, penetration testing, or a related role.
  • Strong knowledge of security tools (e.g., Nessus, Metasploit, Burp Suite) and frameworks (e.g., OWASP, MITRE ATT&CK, NIST CSF).
  • Strong understanding of secure software development practices and DevSecOps principles.
  • Familiarity with security compliance standards such as ISO 27001, SOC 2, GDPR, and PCI DSS.
  • Excellent analytical and problem-solving skills.
  • Effective communication skills with the ability to explain technical concepts to non-technical audiences.
  • Solid understanding of cloud security practices and architecture (AWS, Azure, GCP).
  • Experience with Security Operations (SecOps), including SIEM/SOAR platforms and incident response.
  • Experience with Identity and Access Management (IAM) concepts and solutions.
  • Industry certifications such as CompTIA Security+, CySA+, CEH, CISSP, OSCP, CISM, or GIAC.
  • Experience working in an Agile/Scrum development environment.
  • Experience with security products such as Veeam, Acronis, Microsoft Sentinel, or CrowdStrike.
  • Understanding of Zero Trust architecture principles.
  • Experience with threat intelligence and threat hunting methodologies.
About us