Information Security Consultant

Key Responsibilities

• Conduct security assessments, audits, and gap analysis across infrastructure, applications, and processes.
  
  
• Advise clients on cybersecurity strategy, governance, and best practices.
  
  
• Perform risk assessments, threat modeling, and vulnerability management to identify and mitigate security risks.
  
  
• Develop and recommend security policies, standards, and frameworks tailored to client needs.
  
  
• Support clients in achieving and maintaining compliance with ISO 27001, NIST, PCI-DSS, GDPR, HIPAA, or local regulations.
  
  
• Collaborate with IT, DevOps, and business stakeholders to integrate security into architecture and design.
  
  
• Assist in the design and implementation of security controls, IAM, encryption, and monitoring systems.
  
  
• Conduct penetration testing, code reviews, and application security assessments.
  
  
• Provide incident response planning and advisory services during security events or breaches.
  
  
• Deliver security awareness training and build a culture of cyber resilience.
  
  

Required Technical Skills (Tough Skills)

• Security Assessments & Testing: Expertise in penetration testing, vulnerability assessments, red/blue teaming, and use of tools like Nessus, Qualys, Burp Suite, Metasploit, Wireshark.
  
  
• Network & Infrastructure Security: Knowledge of firewalls, IDS/IPS, VPN, WAF, load balancers, and endpoint protection tools.
  
  
• Cloud Security: Hands-on experience with AWS, Azure, GCP security configurations, identity management, and cloud-native security tools.
  
  
• Application Security: Familiarity with OWASP Top 10, secure coding practices, SAST/DAST tools (SonarQube, Veracode, Checkmarx).
  
  
• Governance, Risk & Compliance (GRC): Strong knowledge of frameworks like ISO 27001, NIST CSF, COBIT, SOC 2, PCI-DSS, GDPR, HIPAA.
  
  
• Identity & Access Management (IAM): Implementation experience with SSO, MFA, PAM solutions (CyberArk, Okta, Azure AD).
  
  
• Incident Response & Forensics: Knowledge of SIEM (Splunk, QRadar, ELK), SOAR, malware analysis, forensic investigations.
  
  
• Cryptography & Data Protection: Understanding of PKI, TLS, tokenization, and encryption standards.
  
  
• Automation & Scripting: Ability to automate assessments and reporting using Python, PowerShell, or Bash.
  
  

Good to Have

• Security certifications: CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Auditor/Implementer.
  
  
• Knowledge of Zero Trust Architecture and container security (Docker, Kubernetes).
  
  
• Exposure to threat intelligence platforms and SOC operations.