IT Security Senior Professional

@Sudani in IT

Job Description

Job Title: IT Security Senior Professional
Sector: Operations
Division: IT
Section: Strategy & Compliance
Unit: IT Security
Report To: IT Security Manager
Main Job Purpose:
The primary objective of this role is to contribute to the development and continual enhancement of
enterprise security architecture and controls to safeguard critical systems, applications, and data assets.
This role involves evaluating complex security risks and implementing advanced detection, protection, and
governance mechanisms that strengthen the organization’s overall security posture. Additionally, the role
oversees security standards, influences technical decisions, and ensures alignment with regulatory
requirements and business priorities. It also contributes deep subject-matter expertise to guide
cross-functional teams and support long-term security strategy and resilience.
Duties & Responsibilities:
1. Contribute to leading efforts to strengthen the organization’s security posture by collaborating with
senior IT security leadership to design, validate, and enhance enterprise-wide security controls.
2. Oversee and guide security integration within corporate projects, ensuring that security
requirements, threat modeling, and risk mitigation strategies are embedded from project initiation
through completion.
3. Develop and deliver advanced information security awareness initiatives, contributing expert
insights to elevate the organization’s security culture and influence stakeholder behavior.
4. Evaluate, implement, and optimize enterprise security policies and controls, ensuring consistent
governance and alignment with regulatory and organizational standards.
5. Architect and validate advanced application security mechanisms, including WAF configurations,
SSL/TLS hardening, and secure application design principles.
6. Lead security patching governance by guiding software and infrastructure teams in assessing,
prioritizing, and validating patch deployment based on risk and criticality.
7. Oversee access governance processes, ensuring that identity lifecycle management, privilege
assignments, and control mechanisms meet organizational security requirements.
8. Evaluate and approve whitelisting requests and security exceptions, ensuring decisions are
risk-based and compliant with established security guidelines.
9. Drive secure development lifecycle (SDLC) practices, advising development teams on secure coding,
architecture reviews, and embedded security controls throughout the application’s lifecycle.
10. Contribute to leading incident response activities, providing advanced analysis during security
events and coordinating technical recovery actions in alignment with formal incident response
procedures.
11. Conduct and oversee enterprise vulnerability management, performing advanced vulnerability
analysis and driving remediation plans with system and application owners.
12. Perform and validate complex penetration testing and security assessments across systems,
applications, networks, and databases, delivering insights that support long-term risk reduction.
13. Analyze and correlate advanced security events within the SIEM, identifying emerging threats,
tuning detection rules, and refining SOC monitoring strategies for improved accuracy.
14. Serve as a senior SOC Tier-2 analyst, leading threat investigations, validating escalations, and guiding
SOC processes to ensure rapid and effective response.
15. Oversee enterprise malware defense practices, performing advanced malware analysis,
coordinating containment, and ensuring effective remediation by relevant teams.
16. Provide expert oversight across security operations processes including access control, application
whitelisting, threat handling, availability monitoring, and email security, ensuring continuous
resilience and operational integrity.
Behavioral Competencies:
1. Communication: Effectively communicates complex technical concepts to both technical and
non-technical stakeholders, ensuring clarity, alignment, and informed decision-making across
teams.
2. Collaboration: Builds strong partnerships with cross-functional teams—including IT, Networks,
Development, and Compliance—to align security initiatives with business objectives.
3. Complex Problem-Solving: Analyzes multi-layered security challenges, evaluates variable factors,
and develops innovative solutions to mitigate risks.
4. Analytical Thinking: Applies advanced analytical skills to interpret threat intelligence, correlate
security events, and identify patterns or emerging risks.
5. Proactivity & Initiative-Taking: Proactively identifies security risks, improvement opportunities,
and emerging threats before they escalate.
6. Result Orientation: Drives measurable security outcomes by prioritizing tasks effectively, meeting
deadlines, and ensuring the successful implementation of security controls.
Technical Competencies:
1. Advanced Threat Detection & SOC Operations: Demonstrates advanced proficiency in SIEM
technologies, behavioral analytics, and SOC Tier-2/3 operations.
2. Secure Systems Architecture & Design: Applies in-depth knowledge of secure architecture principles
to evaluate, enhance, and influence the design of enterprise systems, networks, and applications.
3. Vulnerability Management & Penetration Testing: Expert in executing and validating vulnerability
assessments, penetration tests, and risk-based remediation programs across infrastructure,
applications, databases, and cloud environments.
4. Application Security & Secure SDLC: Possesses strong command of secure coding principles, WAF
technologies, API and web application security, and secure development lifecycle practices.
5. Database Security & Privileged Access Governance: Advanced expertise in securing enterprise
databases, implementing DAM solutions, monitoring privileged activity, and establishing risk-based
access governance controls to mitigate insider threats and abnormal data activity.
6. Cryptography & Data Protection: Deep knowledge of encryption standards, secure key
management, tokenization, data masking, and protection of data in transit and at rest.
Qualifications:
Education: A bachelor’s degree in Information Technology, Computer Engineering, Cybersecurity, or
a related technical field.
Experience: 5-6 years of progressive experience in cybersecurity operations, architecture, application
security, SOC, or related security domains.
Certificates: CISSP (Certified Information Systems Security Professional) | OSCP (Offensive Security
Certified Professional) | CEH (Certified Ethical Hacker) is preferred.
Language: Fluency in the English language (Written & Spoken).