IT Cyber Security Specialist

Overview

The IT Cyber Security Specialist is responsible for providing technical expertise in safeguarding the organization's IT and OT environments through active monitoring, testing, and implementation of cybersecurity measures. The role involves hands-on work in vulnerability management, penetration testing, security monitoring, incident response, and technical implementation of security controls in line with internal policies and international standards. Job Summary

This role focuses on maintaining and improving the organization's cyber defense capabilities by implementing advanced security technologies, performing security assessments, managing security incidents, and providing subject matter expertise to projects. The IT Cyber Security Specialist will play a crucial role in ensuring compliance with ISMS, NIAP, QCSF, and other security frameworks, while supporting business continuity and resilience goals. Responsibilities

Perform vulnerability scanning, penetration testing, and configuration reviews of IT / OT systems. Monitor SIEM dashboards and threat intelligence feeds, investigate alerts, and respond to incidents. Implement, configure, and maintain firewalls, IDS / IPS, endpoint security, and encryption tools. Lead and support security incident detection, triage, containment, eradication, and recovery. Perform root cause analysis and digital forensic investigations on compromised systems. Maintain and update incident response playbooks. Implement system and application hardening standards (Windows, Linux, Databases, Cloud). Support IAM, PAM, and multi-factor authentication deployments. Ensure secure configurations for cloud platforms (Azure, AWS, GCP). Support ISMS, NIAP, and QCSF compliance by providing evidence, logs, and reports. Participate in risk assessments, assist in risk treatment plan execution, and ensure follow-ups. Conduct technical assessments for PCI-DSS, GDPR, and data privacy requirements. Provide technical security input into IT projects to ensure secure design and architecture. Review source code and conduct application security testing (SAST / DAST / SCA). Contribute to security awareness campaigns and technical training sessions. Research emerging threats, vulnerabilities, and attack techniques to enhance defenses. Suggest improvements for monitoring, detection, and prevention capabilities. Qualifications and Experience

Bachelor’s / master’s degree in computer science, Information Technology, Cybersecurity, or a related field. (or) Information Security, Business Administration, or related fields is preferred but not mandatory. 5+ Years overall IT, with at least 3 years hands-on experience in Cyber Security Operations, Incident Response, and Security Engineering. Certificates & Trainings : Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH) GIAC Certified Incident Handler (GCIH) / GIAC Penetration Tester (GPEN) ISO / IEC 27001 Implementer or Auditor CISSP / CISM (added advantage) Cloud Security (AWS / Azure / GCP certifications preferred) Strong hands-on knowledge in penetration testing, SIEM monitoring, malware analysis, and endpoint security. Penetration Testing & Vulnerability Management :

Strong hands-on expertise in conducting penetration tests, red-team / blue-team exercises, and vulnerability assessments using tools such as Kali Linux, Nessus, Burp Suite, and OpenVAS. Security Monitoring & Incident Response :

Proficient in SIEM monitoring, malware analysis, log correlation, and real-time threat detection / response using platforms such as Splunk, QRadar, or similar tools. Endpoint & Network Security :

Skilled in deploying and maintaining endpoint protection, EDR solutions, IDS / IPS systems, and firewalls, along with implementing secure VPNs, DNS security, and encryption technologies. Cloud Security :

Hands-on experience in securing workloads on AWS, Azure, and GCP, with strong understanding of shared responsibility models, IAM roles, and cloud-native security tools. Identity & Access Management (IAM) : Practical experience in configuring and administering IAM solutions such as Microsoft Active Directory, Okta, or other MFA / PAM tools. Governance, Risk & Compliance (GRC) : Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer) to support compliance reporting, risk assessments, and audit evidence gathering. Risk Assessment Tools : Working knowledge of risk identification and tracking tools (e.g., RSA Archer, Risk Watch) to assist in cyber risk management activities. Security Architecture & Hardening : Experience in applying secure configuration standards for servers, networks, databases, and applications, aligned with frameworks such as CIS Benchmarks, NIST, and ISO 27001. Forensics & Threat Analysis : Ability to perform basic digital forensics, root cause analysis, and malware analysis to support post-incident investigations. Seniority level

Mid-Senior level Employment type

Full-time Job function

Information Technology Industries

Manufacturing

#J-18808-Ljbffr