Key Responsibilities

• Penetration Testing & Vulnerability Assessment: Conduct comprehensive penetration testing (white-box and black-box) to identify vulnerabilities in networks, web applications, and systems. Use tools such as Metasploit, Nessus, Burp Suite, and Nmap to perform assessments.
• Security Audits: Perform regular security audits, analyze findings, and provide recommendations to remediate potential weaknesses.
• Incident Response: Assist in identifying, analyzing, and responding to security incidents, including breaches, malware infections, and other types of cyberattacks.
• Security Monitoring: Monitor network traffic and logs for suspicious activity, using intrusion detection/prevention systems (IDS/IPS), SIEM tools, and other monitoring software.
• Vulnerability Management: Identify, assess, and mitigate vulnerabilities within internal and external IT environments, including web servers, applications, and databases.
• Threat Intelligence: Stay up-to-date on the latest security threats and trends in the cyber security landscape. Collaborate with external threat intelligence platforms to gather and apply relevant insights.
• Security Best Practices: Develop and enforce security policies, procedures, and best practices across the organization, ensuring that systems are secure and meet compliance standards.
• Collaboration & Reporting: Work closely with internal teams (DevOps, IT, and Management) to integrate security measures and assist with security-related concerns. Provide reports and presentations to stakeholders, outlining security assessments and remediation plans.
• Security Awareness Training: Conduct internal training sessions to promote awareness of common cyber threats (phishing, social engineering, etc.) and security best practices for employees.
• Compliance: Ensure the organization's cybersecurity policies and practices are aligned with regulatory standards such as GDPR, HIPAA, PCI-DSS, etc.
• Tool Management & Automation: Configure, manage, and enhance cyber security tools, and automate repetitive tasks to improve efficiency.

Required Skills and Qualifications

• Certified Ethical Hacker (CEH) certification is required (or equivalent security certifications such as CISSP, OSCP).
• Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/S, etc.) and network security.
• Proven experience in performing penetration tests, security assessments, and vulnerability management.
• Proficiency with penetration testing tools such as Kali Linux, Metasploit, Burp Suite, Nessus, Wireshark, and Nmap.
• Hands-on experience with firewall management, IDS/IPS systems, and SIEM tools.
• Strong understanding of operating systems security (Windows, Linux, macOS) and web applications.
• Experience with cryptographic protocols, encryption, and secure communications.
• Knowledge of incident response protocols, including malware analysis, forensics, and digital evidence handling.
• Familiarity with regulatory requirements and industry standards (GDPR, HIPAA, PCI-DSS).
• Understanding of cloud security (AWS, Azure, GCP) and securing cloud infrastructures.
• Strong troubleshooting, problem-solving, and analytical skills.
• Excellent communication and interpersonal skills to effectively interact with cross-functional teams and present findings to management.