Job Description
As an IT security specialist, you will play a pivotal role in establishing and overseeing both offensive and defensive cybersecurity strategies. This includes building a capable team and implementing systems from the ground up.
Your responsibilities will encompass conducting vulnerability assessments, performing penetration testing (Red Team), and ensuring strong defenses by monitoring and responding to security threats (Blue Team). The focus will be on creating a resilient security framework that anticipates and mitigates potential risks, while fostering a culture of cybersecurity awareness and readiness.
- Perform penetration testing on network infrastructure, applications, and systems to identify vulnerabilities.
- Simulate real-world attacks using ethical hacking techniques, including social engineering, phishing, and network exploits.
- Conduct red teaming exercises to evaluate the security posture of the organization.
- Document and report weaknesses with detailed recommendations for remediation.
- Collaborate with the Blue Team to understand defensive strategies and bypass protections.
- Monitor security systems (e.g., SIEMs) to detect, investigate, and respond to incidents.
- Implement and maintain firewalls, IDS/IPS, and other security infrastructure.
- Create and update incident response plans for detecting and mitigating cyber threats.
- Lead threat hunting exercises, using threat intelligence to identify emerging threats.
- Ensure continuous monitoring of security controls and address any vulnerabilities highlighted by the Red Team.
- Perform security audits to ensure compliance with security standards (e.g., ISO 27001, NIST).
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Minimum 2-3 years of experience as an IT security engineer, with experience in both Red and Blue Teams.
- Strong knowledge of network security, vulnerability assessment, ethical hacking, and threat intelligence.
- Proficiency in penetration testing tools (e.g., Metasploit, Burp Suite) and defensive tools (e.g., Splunk, Wireshark).
- Experience in both attack methodologies (e.g., privilege escalation, lateral movement) and defensive strategies (e.g., intrusion detection, malware analysis).
- Certifications such as OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), or CEH (Certified Ethical Hacker).
- Strong communication skills and ability to work with cross-functional teams, including developers, network engineers, and management, to improve security.
- Good problem-solving skills and the ability to adapt quickly and resolve security threats as they emerge.
- Good attention to detail, with the ability to diligently identify vulnerabilities and ensure nothing is overlooked during assessments or incident response.