Cyber Security Specialist

Job Description

Qualifications & Requirements

• Proven experience as a Security Analyst, Security Engineer, or Penetration Tester
• Strong understanding of securing corporate environments and business applications
• Hands-on experience with manual penetration testing and DAST tools/techniques
• Ability to analyze scan results and recommend clear remediation or mitigation plans
• Working knowledge of penetration testing tools and platforms (Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark)
• Strong understanding of common vulnerabilities and attack vectors (SQL Injection, XSS, buffer overflows) and their mitigations
• Familiarity with standards and frameworks such as OWASP, CVE, CWE, SANS and NIST
• Understanding of Transport Layer Security (TLS) and secure communication mechanisms
• Foundational knowledge of hosting platforms, public cloud services, and enterprise networking
• Familiarity with secure coding practices and vulnerability management frameworks (OWASP)
• Proficiency in Python or Bash scripting for automation and security tasks
• Familiarity with network protocols and encryption concepts
• Understanding of regulatory and compliance frameworks (PCI DSS, GDPR)
• Continuous learning mindset with curiosity to explore new tools and techniques (HTB, TryHackMe, labs, self-learning)

Responsibilities

Security Engineering & Implementation

• Implement and maintain security controls across cloud infrastructure, web applications, and internal systems
• Support secure configuration of services, including access controls, secrets management, and API security
• Review and strengthen components related to identity, authentication, and transaction workflows
• Perform regular vulnerability scans and hands-on penetration testing
• Identify and exploit security weaknesses using both manual and automated techniques
• Develop and execute structured testing methodologies and test plans

Threat Modelling & Risk Awareness

• Participate in threat modelling exercises and security design reviews for new features and system changes
• Identify risks and misconfigurations and partner with engineers to remediate them
• Track emerging vulnerabilities and evolving attack techniques

Reporting & Remediation

• Prepare clear, detailed vulnerability reports with risk-based analysis
• Validate the effectiveness of implemented fixes
• Reduce false positives from tool-generated reports
• Communicate findings and remediation guidance to both technical and non-technical stakeholders

Collaboration

• Work closely with engineering and product teams to embed security into everyday development
• Act as a trusted security advisor during application design and delivery