Security Expert

Key Responsibilities:

• Security Strategy Development: Develop and implement a comprehensive security strategy that addresses the unique challenges of banking, e-commerce, and e-learning platforms.
• Risk Assessment: Conduct regular risk assessments, vulnerability assessments, and penetration tests to identify potential threats and vulnerabilities within the platform.
• Compliance Management: Ensure that the platform complies with industry regulations and standards, such as PCI-DSS, GDPR, and other relevant security frameworks.
• Data Protection: Implement and manage data protection strategies, including encryption, secure data storage, and secure transmission of sensitive information across the platform.
• Identity and Access Management (IAM): Design and manage robust identity and access management systems, including multi-factor authentication, role-based access control, and secure session management.
• Incident Response: Develop and maintain an incident response plan to quickly and effectively respond to security breaches or other security-related incidents.
• Security Awareness: Promote security awareness across the organization, providing training and guidance to employees on best practices for maintaining security in their roles.
• Security Architecture: Work closely with the development and infrastructure teams to design and implement secure architecture solutions, ensuring that security is embedded in the development lifecycle.
• Monitoring and Reporting: Set up and manage security monitoring tools, conduct regular security audits, and generate reports for management on the security posture of the platform.
• Threat Intelligence: Stay updated on the latest security threats, vulnerabilities, and trends, and apply this knowledge to continuously improve the security posture of the platform.
• Vendor Management: Assess and manage security risks associated with third-party vendors, ensuring that they meet our security standards and requirements.
• Collaboration: Work closely with cross-functional teams, including development, DevOps, compliance, and legal, to ensure that security considerations are integrated into all aspects of the platform.

Required Skills and Qualifications:

• 7+ years of experience in cybersecurity, with a focus on securing banking, e-commerce, and e-learning platforms.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or similar.
• Proven experience in conducting risk assessments, vulnerability assessments, and managing security risks in complex environments.
• In-depth knowledge of industry regulations and standards, including PCI-DSS, GDPR, ISO 27001, and others.
• Strong technical skills in areas such as encryption, firewalls, intrusion detection/prevention systems (IDS/IPS), network security, and secure software development practices.
• Expertise in identity and access management, including experience with tools such as Okta, Azure AD, or similar IAM solutions.
• Hands-on experience in developing and managing incident response plans, including handling real-world security incidents.
• Experience with securing cloud environments, including AWS, Azure, or Google Cloud, and knowledge of cloud-native security tools and best practices.
• Strong understanding of security architecture principles and experience in designing secure systems.
• Excellent verbal and written communication skills, with the ability to communicate complex security concepts to technical and non-technical stakeholders.
• Strong analytical and problem-solving skills, with the ability to make sound decisions under pressure.
• Prior experience in securing platforms within the banking, e-commerce, or e-learning sectors is highly desirable.
• Experience with security automation tools and techniques, such as using scripts or tools to automate vulnerability scans, compliance checks, and incident response tasks.
• Familiarity with DevSecOps practices, integrating security into the DevOps pipeline.
• Experience in digital forensics, threat hunting, and malware analysis.