Security Expert (Application Security Consultant)

Unico Connect

5 - 10 years

Mumbai

Posted: 12/01/2026

Job Description

Role Summary

We are looking for a seasoned Security Expert with proven experience in Healthcare or Banking domains to define and validate application and infrastructure security for a national healthcare data platform. The consultant will ensure end-to-end data protection, compliance with privacy regulations, and implementation of strong security practices across all system layers.

This is a consulting engagement focused on designing, validating, and auditing security configurations during the architecture, implementation, and pre-Go-Live phases.


Responsibilities:

  • Define and validate security configurations across backend, infrastructure, and integrations.
  • Implement and review data protection strategies, including data redaction, masking, and anonymization.
  • Design and oversee PII data handling practices compliant with GDPR and local healthcare data protection laws.
  • Implement and validate database encryption (at rest and in transit) and key management policies.
  • Configure and audit Keycloak (OIDC/SAML) for authentication and role-based access control.
  • Define secure management of secrets and credentials using Vault.
  • Set up and review API security, TLS/SSL configurations, and network segmentation.
  • Integrate and validate system monitoring and logging tools (ELK Stack, Prometheus, Grafana) for security observability.
  • Support the implementation of DevSecOps practices for CI/CD pipelines and container security (Docker/Kubernetes hardening).
  • Conduct vulnerability assessments, penetration testing, and coordinate with audit teams.
  • Ensure compliance with ISO 27001, ISO 27701, and GDPR standards.


Skills & Experience

  • 8+ years of experience in application and infrastructure security.
  • Must have experience in Healthcare or Banking domains with exposure to high-sensitivity data environments.
  • Deep understanding of data privacy, PII protection, and data redaction techniques.
  • Strong expertise in database encryption, TLS/SSL, and data masking.
  • Proficiency with Keycloak, Vault, and OPA (Open Policy Agent).
  • Experience implementing DevSecOps, vulnerability management, and SIEM (e.g., IBM QRadar).
  • Knowledge of network security, zero-trust principles, and incident response processes.
  • Familiarity with regulatory frameworks such as GDPR, ISO 27001/27701, or HIPAA (preferred).
  • Strong documentation and audit-readiness capabilities.
