Overview
Role Overview:
We are seeking a seasoned Cybersecurity Consultant with over 10 years of hands-on experience to lead the security assessment of a mission-critical eServices system. The role involves conducting in-depth assessments of infrastructure, application, data, and integration security aspects to ensure the system meets industry standards, government regulations, and organizational risk appetite.
________________________________________
Key Responsibilities:
- Lead a comprehensive cybersecurity assessment of the eServices platform across network, application, infrastructure, and data layers.
- Review and evaluate the security architecture and its alignment with best practices (Zero Trust, Defense in Depth, etc.).
- Conduct threat modeling and risk assessments across the full eServices ecosystem (web, APIs, backend systems).
- Identify vulnerabilities using a combination of manual and automated testing tools (e.g., Nessus, Burp Suite, Qualys).
- Review IAM policies and implementations (Single Sign-On, MFA, Role-Based Access Control).
- Assess compliance with relevant frameworks and regulations (e.g., NIST, ISO/IEC 27001, GDPR).
- Evaluate data protection mechanisms including encryption (at rest and in transit), data masking, and secure key management.
- Provide recommendations for remediation, security controls, and system hardening.
- Prepare and present technical reports, executive summaries, and risk mitigation roadmaps to stakeholders.
- Guide internal teams on secure development lifecycle (SDLC) and DevSecOps best practices.
- Assess third-party and open-source component risks within the eServices system.
- Collaborate with internal IT, development, and compliance teams to ensure effective cybersecurity governance.
________________________________________
Required Experience:
- Minimum 10 years of experience in cybersecurity roles, with at least 5 years in a consulting capacity.
- Proven experience in evaluating government or large-scale enterprise eServices platforms.
- Demonstrated expertise in security assessments, penetration testing, vulnerability management, and architecture reviews.
- Strong background in network security, web application security, and cloud security (AWS/Azure/GCP).
- Experience working with SIEM tools, WAFs, EDR/XDR solutions, and data loss prevention (DLP) systems.
- Experience with regulatory compliance and security audits (e.g., ISO 27001 certification programs, SOC 2 audits).
________________________________________
Required Skills:
- Proficiency in:
  - Network protocols and architecture
  - Web and API security (OWASP Top 10, API Security Top 10)
  - Secure coding practices (especially for web apps and APIs)
  - Security architecture design and risk evaluation
- Ability to lead penetration testing and red team exercises
- Strong analytical and problem-solving skills
- Excellent verbal and written communication skills (ability to write security reports, executive briefings, and risk registers)
- Experience working in Agile and DevSecOps environments
________________________________________
Certifications (Highly Desirable):
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)
- Certified Cloud Security Professional (CCSP) or AWS/Azure Security Certifications
- Certified Information Security Auditor (CISA)
- ISO 27001 Lead Auditor/Implementer
Job Type: Contract
Contract length: 24 months