Cyber Security Assurance Specialist

Our client is seeking an experienced and highly skilled Cyber Security Assurance Specialist. Duties will include managing Security and Privacy by Design Assurance (SPDA) processes, ensuring that all projects follow security-by-design principles and that privacy and security risks are mitigated from the design phase to implementation, and conducting internal and external penetration tests on the company’s infrastructure, web applications, APIs, and network systems to identify vulnerabilities.

Duties and Responsibilities:

  • Managing Security and Privacy by Design Assurance processes
  • Ensuring all projects are following security-by-design principles and that privacy and security risks are being mitigated from the design phase through to implementation
  • Conducting internal and external penetration testing on the company infrastructure, web applications, application programming interfaces, and network systems to identify vulnerabilities
  • Assessing the security of new and existing systems, products, and services to ensure compliance with company security policies, industry standards, and best practices
  • Safely exploiting vulnerabilities to determine the risks of unauthorised access or data compromise
  • Conducting both automated and manual testing to evaluate the resilience of systems against various attack vectors
  • Architecting and designing cybersecurity systems in line with industry best practices to ensure security, performance, and scalability
  • Collaborating with Information Technology teams to ensure secure integration of new systems and services and confirming compliance with cybersecurity requirements
  • Implementing threat modelling and risk assessments in the design phase of security systems and software
  • Reviewing and providing security assessments of company technology projects to address any Material, Procedural, and Administrative risks, ensuring early mitigation
  • Ensuring all projects are being designed, executed, and delivered with the required security baselines in mind
  • Staying up to date with the latest security trends, attack techniques, and mitigation strategies to ensure the organisation remains ahead of emerging threats
  • Researching and implementing innovative cybersecurity technologies and methodologies to enhance overall defence posture
  • Participating in knowledge sharing, training, and mentoring activities within the Cybersecurity Team to foster a culture of continuous learning and improvement

Minimum Requirements:

  • Minimum of 3 years' experience in penetration testing or ethical hacking
  • Certification such as OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional) or CISA (Certified Information Systems Auditor)
  • Proficiency in penetration testing tools such as Kali Linux, Burp Suite, Metasploit, Nessus, etc.
  • Strong knowledge of network security, web application security, cloud security, and mobile application security
  • Familiarity with programming/scripting languages like Python, Bash, Ruby, PowerShell, or JavaScript
  • In-depth understanding of TCP/IP, DNS, HTTP/S, SSL/TLS, and other network protocols
  • Solid understanding of common attack techniques like SQL injection, XSS, CSRF, buffer overflow, and others
