Cyber Security Specialist - Penetration Testing

We are looking for a skilled Cybersecurity Specialist / Security Engineer to ensure the security of our healthcare data platform. The ideal candidate will have expertise in ISO 27001 compliance, vulnerability testing, penetration testing, and cybersecurity best practices.

Responsibilities :

- Conduct ISO testing to ensure compliance with ISO 27001 and other relevant security standards.

- Perform white-box and black-box penetration testing (e.g., WASP 10-15).

- Identify and mitigate security vulnerabilities through rigorous vulnerability assessments.

- Collaborate with development teams to ensure secure coding practices.

- Maintain Information Security Management System (ISMS) and enforce security policies.

- Implement cybersecurity frameworks and best practices across platforms.

- Monitor and respond to security incidents, ensuring rapid incident response and recovery.

- Work with external auditors and regulators to ensure compliance with industry standards.

- Stay updated with the latest cyber threats, attack vectors, and mitigation techniques.

- Develop and enforce identity and access management (IAM) policies to ensure proper user access controls.

- Conduct risk assessments and threat modeling to identify potential security risks.

- Ensure cloud security best practices are followed in AWS, Azure, or GCP environments.

- Implement network security measures, including firewalls, intrusion detection, prevention systems, and VPNs.

- Design and implement incident response plans and conduct security drills.

- Develop and maintain security awareness training programs for employees.

- Conduct log analysis and security monitoring using SIEM tools.

Requirements :

- 3 to 6 years of experience in cybersecurity, preferably in the healthcare or AI domain.

- Strong in Shell scripting.

- Strong knowledge of ISO 27001 ISMS, GDPR, and HIPAA compliance.

- Hands-on experience with vulnerability assessment tools (e.g., Nessus, Burp Suite, Metasploit).

- Experience in WASP 10-15 security testing methodologies.

- Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes).

- Familiarity with SIEM tools, intrusion detection systems, and endpoint protection.

- Strong analytical and problem-solving skills with a security-first mindset.

- Security certifications such as CEH, CISSP, OSCP, CISM, or Security+ are a plus.

- Experience in zero-trust architecture and secure software development life cycle (SDLC).

- Familiarity with blockchain security, AI security, and adversarial machine learning.

- Prior experience securing healthcare or financial data platforms.

- Strong knowledge of encryption, authentication, and access control mechanisms.