Cybersecurity Specialist

Position Summary:

• The Cybersecurity Expert will be responsible for implementing, maintaining, and auditing the organization’s information security framework, with a strong focus on ISO/IEC 27001 compliance. This role ensures that the company’s data and systems are secure from threats, and operates within the required legal and regulatory guidelines.
  
  Key Responsibilities:
  • Implement and maintain the ISO/IEC 27001 Information Security Management System (ISMS).
  • Conduct risk assessments and develop mitigation strategies for cyber threats and vulnerabilities.
  • Ensure continuous improvement of information security policies, procedures, and controls.
  • Perform internal audits and prepare the organization for external ISO 27001 audits and certifications.
  • Manage and resolve cybersecurity incidents, coordinating response plans and investigations.
  • Provide guidance on secure development practices and secure system architecture.
  • Train employees and departments on information security awareness and best practices.
  • Collaborate with IT, legal, and compliance teams to ensure security is embedded across operations.
  • Monitor security tools, log data, and system alerts to detect and respond to anomalies.
  
  Penetration Testing
  • Conduct application, API, mobile, network, and cloud penetration tests on internal and client systems.
  • Simulate real-world attack scenarios to uncover exploitable vulnerabilities.
  • Develop custom scripts, payloads, or tools to support advanced testing needs.
  • Document findings with clear proof-of-concepts (PoCs) and technical impact analysis.
  
  Vulnerability Assessment & Management
  • Perform ongoing vulnerability scanning using industry-standard tools (e.g., Nessus, Qualys, OpenVAS, Burp Suite).
  • Analyze scan results, validate findings, and prioritize remediation based on risk levels.
  • Track remediation progress and provide guidance to development and DevOps teams.
  • Maintain a continuous vulnerability management lifecycle including discovery, analysis, reporting, and verification.
  
  Security Review & Advisory
  • Collaborate with software development and DevOps teams to conduct secure code reviews and architecture assessments.
  • Provide recommendations for secure design, configuration, and coding practices.
  • Support clients by explaining vulnerabilities, associated risks, and mitigation strategies in clear, understandable language.
  
  Monitoring & Threat Intelligence
  • Monitor emerging threats, exploits, and security best practices to keep assessment methodologies up to date.
  • Integrate threat intelligence into testing strategies to mimic current attacker techniques (TTPs).
  
  Documentation & Reporting
  • Prepare detailed penetration test reports, executive summaries, and risk-based recommendations.
  • Maintain accurate records of assessments, testing plans, methodologies, and remediation efforts.
  • Present findings to both technical and non-technical stakeholders, internal and external.
  
  Requirements:
  • 5+ years of experience in a cybersecurity role, with hands-on ISO 27001 implementation and auditing.
  • Certified ISO/IEC 27001 Lead Implementer or Auditor (mandatory).
  • Strong understanding of risk assessment, GRC frameworks, and security operations.
  • Proficient in tools and technologies such as SIEM, IDS/IPS, vulnerability scanners, and endpoint protection.
  • Excellent documentation and reporting skills.
  • Bachelor’s degree in Cybersecurity, IT, or a related field; relevant certifications (CISSP, CISA, etc.) preferred.