Senior Cybersecurity Specialist (Security Services) (JD#10786)

Job Summary

We are seeking for a senior cybersecurity professional responsible for advancing security testing, offensive security, and secure-by-design capabilities across a large ministry ecosystem. Acts as a technical authority bridging governance with hands-on execution, driving a shift from reactive security to proactive, standardized, and resilient security practices.

Mandatory Skill-set

• Minimum 8 years of hands-on technical experience in cybersecurity, with a strong focus on offensive security and application security;
• Must have OSCP certification – mandatory for Security Services role;
• Must have proven experience conducting penetration testing across web applications, IT systems, cloud platforms, and complex network environments;
• Expertise in manual and automated source code reviews; strong understanding of secure software development lifecycle (SSDLC);
• Ability to read and analyze code in Java, Python, .NET, and JavaScript;
• Proficiency with SAST, DAST, SCA, and VAPT tools such as Checkmarx, Fortify, SonarQube, Snyk, and Burp Suite;
• Strong understanding of MITRE ATT&CK framework, adversary TTPs, and hands-on use of CI/CD tools (Jenkins, GitLab CI, GitHub Actions);
• Practical experience working in cloud environments, including government-regulated cloud platforms;
• Ability to clearly communicate complex technical risks to non-technical stakeholders.

Desired Skill-set

• OSWE (Offensive Security Web Expert), CASE, GWEB, or equivalent advanced security certifications
• Experience leading red team engagements and adversary simulation exercises
• Strong analytical skills to identify recurring security gaps and improve testing quality
• Demonstrated ability to mentor teams and uplift security maturity across multiple organizations
• High intellectual curiosity with continuous learning mindset in evolving threat landscapes

Responsibilities

• Define and maintain ministry-wide security testing frameworks covering Vulnerability Assessment and Penetration Testing (VAPT);
• Develop and roll out SOPs for engaging external security vendors and managing internal security testing cycles;
• Create quality rubrics to assess penetration testing vendors and conduct periodic reviews of testing reports;
• Lead complex red teaming exercises and advanced penetration tests on high-impact systems;
• Simulate real-world adversary attacks using current threat actor tactics, techniques, and procedures (TTPs);
• Continuously monitor the global threat landscape and update security testing standards accordingly;
• Establish and enforce secure coding standards aligned with OWASP and SANS guidelines;
• Lead strategies for Static Application Security Testing (SAST) and Software Composition Analysis (SCA);
• Evaluate and recommend security tools for source code analysis and third-party library risk detection;
• Provide guidance on integrating security tools into CI/CD pipelines (DevSecOps);
• Review and recommend systems that improve overall code quality with security as a core principle;
• Track emerging technologies including cloud-native security and AI-assisted development to enhance resilience;
• Act as a trusted advisor to senior technology and security stakeholders on secure-by-design practices;
• Build and manage communities of practice to harmonize security testing efforts across agencies.

Should you be interested in this career opportunity, please send in your updated resume to [email protected] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA License No. 07C5639