Senior Cybersecurity Services Specialist

What you’ll do

As a domain expert within the CISO Office, you will work closely with senior stakeholders and engineering teams to uplift VAPT standards, application security, and secure development across the organisation.

Key responsibilities include:

• Define and maintain security testing standards (VAPT) and Ministry/organisation-wide frameworks

• Develop SOPs to guide teams on vendor engagement and security testing cycles

• Build quality rubrics and conduct sampling reviews to improve testing rigour and outcomes

• Lead complex red teaming / deep-dive penetration testing for high-impact systems

• Simulate real-world adversaries using latest TTPs (MITRE ATT&CK) and threat intelligence

• Establish secure coding standards (OWASP / SANS) and uplift secure SDLC practices

• Drive SAST / SCA strategy
  , including tool evaluation and automation

• Advise teams on integrating security into CI/CD pipelines (Dev Sec Ops )

• Partner with stakeholders to promote a strong secure-by-design culture

• 8–10 years of hands‑on cybersecurity experience (offensive security / App Sec focus)

• Strong track record in penetration testing across web apps, on‑prem / cloud systems, and networks

• Experience with
  manual & automated code review (logic flaws, injections, crypto issues)

• Strong knowledge of SSDLC and ability to work with common programming languages (Java, Python, .NET, JavaScript)

• Familiar with tools like Burp Suite, Checkmarx, Fortify, Sonar Qube, Snyk (or equivalents)

• Experience with
  Dev Ops/CI tools (e.g., Jenkins, Git Lab CI, Git Hub Actions)

• Certifications preferred:
  OSCP / OSWE / CASE / GWEB (or similar)

• Strong communication skills to influence stakeholders and drive standards across teams