What Jobs are available for Security Consultant in Singapore?

Job Summary: We are seeking an experienced Security Consultant to assess, design and implement robust security solutions across enterprise environments, The role involves conducting risk assessments, developing security architecture, advising on compliance frameworks and guiding internal stakeholders to ensure security requirements are met across all systems and applications

Key Responsibilities

• Design, implement, and manage security measures for cloud environments.
• Conduct regular security assessments and audits of cloud infrastructure.
• Collaborate with cross-functional teams to integrate security best practices into cloud-based applications and services.
• Implement and maintain access controls, encryption, and other security features.
• Stay up to date with industry trends and emerging threats to proactively address potential vulnerabilities.
• Develop and document security policies, procedures, and guidelines for cloud environments.

What we are looking for:

• Relevant certifications such as AWS Certified Security - Specialty or Certified Cloud Security Professional (CCSP) are a plus.
• Excellent communication skills and the ability to collaborate with diverse teams.
• Organized, independent and able to work with minimal supervision in a fast-paced working environment and adhere to organizational process and governance.
• Minimum five (5) years of relevant IT experience in deploying and managing application and services on cloud, including the design, development, implementation and/or management of the solution.
• Proven experience as a Cloud Security Engineer or similar role, with a focus on AWS cloud services
• Good knowledge in security
• Strong understanding of cloud platforms such as AWS, Azure, or Google Cloud.
• Proficient in security concepts related to infrastructure as code (IaC) and containerization.
• Experience with security tools and technologies, such as Security Information and Events Management, Data Loss Prevention, Database Activity Monitoring, Data Security and Protection, Privileged Access Management, File Integrity Monitoring, Web Application Firewall, Intrusion Prevent etc.

Date: 10 Oct 2025

Location: Singapore, Singapore

Company: Singtel Group

At Singtel, we believe in the strength of a vibrant, diverse and inclusive workforce where backgrounds, perspectives and life experiences of our people help us innovate and create strong connections with our customers. We strive to ensure all our people practices are non-discriminatory and provide a fair, performance-based work culture that is diverse, inclusive and collaborative.

Join us and experience what it's like to be with an Employer of Choice*. Together, let's create a brighter digital future for all. *Awarded at the HR Fest Awards 2020.

Make an Impact by:

• Point of contact for Presales and Operation.
• Collaborate with cross-functional teams to ensure alignment between product design, engineering feasibility, and management/ operation processes.
• Maintaining internal documentation and security standards to ensure operation management and security best practices are followed.
• Lead the end-to-end development of new products or services, including concept design, prototyping, validation, and operational support for the services.
• Provide standard security guidance for all new products and technologies within the organization.
• Lead and create the SOC playbook (SOAR), correlation rules and use cases for Managed Threat Detection Service.
• Proactively develop new playbooks, correlation rules and use cases for emerging threats.
• To perform regular product security assessments and threat modelling.
• Leading the tuning of the SIEM tool to reduce false positives
• Designing and implementing tools to automate and scale processes.
• Support and advise on incident detection and response processes.
• Lead and oversee the selection of technologies to support the product offering.
• Lead and work closely with suppliers, vendors, and operations teams to optimize production processes and ensure cost efficiency.
• Accountable for setting up a simulation test lab to support the product offering.
• Understand and identify customers' challenges in the cybersecurity domain.
• Translate customer needs and business requirements into technical specifications.
• Responsible for orchestrating the inter-operability of various subsystems to the main system/platform.
• Responsible in working closely with principal partners for technology knowledge transfer and technology notice broadcast such as End of Life or End of Sale.
• Test the stability of the new release firmware.
• Perform product testing and validation, analyze results, and apply design improvements.
• Accountable on reviewing and development of security products, services.
• Accountable for aligning and detailing the scope of work based on the defined service scheme SLA.
• Accountable for defining the technical parameters for Managed Services on-premises, hosted, cloud-based solutions and so on
• Accountable for defining the baseline product features for Managed Services.
• Accountable for supporting and evaluating product feature evolution, including new feature development and enhancements.
• Accountable for overseeing service performance post-launch and driving continuous improvement initiatives.
• Collect and analyse cyber threat data from internal and external sources (OSINT, commercial feeds, dark web, etc.) and identify, evaluate, and track cyber threats, campaigns, and threat actors.
• Produce and distribute threat intelligence reports tailored to technical, operational, and executive audiences.
• Enrich and validate Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs).
• Collaborate with SOC, Incident Response, and Threat Hunting teams to improve threat detection and response.
• Maintain and manage threat intelligence platforms (TIPs) and integrate threat data into SIEM/SOAR tools.
• Provide timely intelligence during security incidents and support attribution efforts.
• Monitor trends in the threat landscape and provide strategic insights to inform risk decisions.
• Participate in threat intelligence sharing communities (e.g., ISACs, CERTs).
• Develop playbooks and methodologies for threat actor tracking and threat intelligence lifecycle management.

Skills for Success:

• Degree or Post Graduate degree in Computer Science, Engineering and Information Systems.
• 3-5 years in implementation of Network and Security Projects.
• 3-5 years of relevant working experience in the area of cyber security.
• 2-3 years of information security management system (ISMS) practice.
• 2–5 years of experience in cyber threat intelligence, incident response, or related security roles.
• Strong understanding of threat intelligence frameworks (e.g., MITRE ATT&CK, Kill Chain, Diamond Model).
• Experience with threat intelligence tools and platforms (e.g., OpenCTI, Recorded Future, Intel 471, ThreatConnect).
• Good working knowledge of technical vulnerability management, application security, security technologies (system hardening, IDS/IPS, firewall, SIEM).
• GCIH (GIAC Certified Incident Handler) certification.
• GIAC Cyber Threat Intelligence (GCTI).
• Certified Ethical Hacker (CEH).
• Candidate must also be innovative, customer-focused and possess strong interpersonal and communication skills.

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career

Overview
Binance is a leading global blockchain ecosystem behind the world's largest cryptocurrency exchange by trading volume and registered users. We are trusted by over 280 million people in 100+ countries for our industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products. Binance offerings range from trading and finance to education, research, payments, institutional services, Web3 features, and more. We leverage the power of digital assets and blockchain to build an inclusive financial ecosystem to advance the freedom of money and improve financial access for people around the world.
Responsibilities
Lead security assessments and audits focusing on mobile applications and blockchain platforms.
Ensure the security of iOS applications by applying best practices in SWIFT development and mobile security mechanisms such as secure storage, sandbox isolation, anti-debugging, and Secure Enclave.
Conduct security reviews and audits of blockchain technologies, including multi-signature wallets, smart contracts, cryptographic algorithms (ECDSA, EdDSA), and private key management.
Collaborate with development teams to identify security risks and recommend mitigation strategies.
Provide clear and actionable security guidance, documentation, and training to technical and non-technical stakeholders.
Support compliance efforts by aligning security practices with industry standards and regulations.
Act as a part-time consultant when needed, offering expert advice and security strategy support.
Requirements
Extensive experience in iOS security, familiar with SWIFT.
Deep understanding of mobile security mechanisms including secure storage, sandboxing, anti-debugging, and Secure Enclave.
Proven ability to secure mobile applications throughout the development lifecycle.
Strong knowledge of blockchain technology and security.
Experience with multi-signature wallets, smart contract auditing, cryptographic algorithms (ECDSA, EdDSA), and private key management.
Nice-to-have
Proficiency in React framework and frontend security, including knowledge of common vulnerabilities such as XSS, CSRF, and SQL injection.
Experience reviewing frontend code and providing security optimization recommendations.
Familiarity with Go language development and backend security, including API security, data encryption, authentication/authorization (OAuth, JWT), and prevention of vulnerabilities like RCE and DoS.
Experience in security auditing and compliance, with knowledge of standards such as OWASP and ISO 27001.
Strong communication and consulting skills, capable of working as a part-time advisor, delivering security training, and producing clear documentation.
Why Binance
Shape the future with the world's leading blockchain ecosystem
Collaborate with world-class talent in a user-centric global organization with a flat structure
Tackle unique, fast-paced projects with autonomy in an innovative environment
Thrive in a results-driven workplace with opportunities for career growth and continuous learning
Competitive salary and company benefits
Work-from-home arrangement (the arrangement may vary depending on the work nature of the business team)
Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success. By submitting a job application, you confirm that you have read and agree to our
Candidate Privacy Notice .
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Information Technology and Engineering
Industries
Technology, Information and Internet
#J-18808-Ljbffr

Select how often (in days) to receive an alert:
At Singtel, we believe in the strength of a vibrant, diverse and inclusive workforce where backgrounds, perspectives and life experiences of our people help us innovate and create strong connections with our customers. We strive to ensure all our people practices are non-discriminatory and provide a fair, performance-based work culture that is diverse, inclusive and collaborative.
Join us and experience what it's like to be with an Employer of Choice*. Together, let's create a brighter digital future for all. *Awarded at the HR Fest Awards 2020.
Make an Impact by:
Point of contact for Presales and Operation.
Collaborate with cross-functional teams to ensure alignment between product design, engineering feasibility, and management/ operation processes.
Maintaining internal documentation and security standards to ensure operation management and security best practices are followed.
Lead the end-to-end development of new products or services, including concept design, prototyping, validation, and operational support for the services.
Provide standard security guidance for all new products and technologies within the organization.
Lead and create the SOC playbook (SOAR), correlation rules and use cases for Managed Threat Detection Service.
Proactively develop new playbooks, correlation rules and use cases for emerging threats.
To perform regular product security assessments and threat modelling.
Leading the tuning of the SIEM tool to reduce false positives
Designing and implementing tools to automate and scale processes.
Support and advise on incident detection and response processes.
Lead and oversee the selection of technologies to support the product offering.
Lead and work closely with suppliers, vendors, and operations teams to optimize production processes and ensure cost efficiency.
Accountable for setting up a simulation test lab to support the product offering.
Understand and identify customers' challenges in the cybersecurity domain.
Translate customer needs and business requirements into technical specifications.
Responsible for orchestrating the inter-operability of various subsystems to the main system/platform.
Responsible in working closely with principal partners for technology knowledge transfer and technology notice broadcast such as End of Life or End of Sale.
Test the stability of the new release firmware.
Perform product testing and validation, analyze results, and apply design improvements.
Accountable on reviewing and development of security products, services.
Accountable for aligning and detailing the scope of work based on the defined service scheme SLA.
Accountable for defining the technical parameters for Managed Services on-premises, hosted, cloud-based solutions and so on
Accountable for defining the baseline product features for Managed Services.
Accountable for supporting and evaluating product feature evolution, including new feature development and enhancements.
Accountable for overseeing service performance post-launch and driving continuous improvement initiatives.
Collect and analyse cyber threat data from internal and external sources (OSINT, commercial feeds, dark web, etc.) and identify, evaluate, and track cyber threats, campaigns, and threat actors.
Produce and distribute threat intelligence reports tailored to technical, operational, and executive audiences.
Enrich and validate Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs).
Collaborate with SOC, Incident Response, and Threat Hunting teams to improve threat detection and response.
Maintain and manage threat intelligence platforms (TIPs) and integrate threat data into SIEM/SOAR tools.
Provide timely intelligence during security incidents and support attribution efforts.
Monitor trends in the threat landscape and provide strategic insights to inform risk decisions.
Participate in threat intelligence sharing communities (e.g., ISACs, CERTs).
Develop playbooks and methodologies for threat actor tracking and threat intelligence lifecycle management.
Skills for Success:
Degree or Post Graduate degree in Computer Science, Engineering and Information Systems.
3-5 years in implementation of Network and Security Projects.
3-5 years of relevant working experience in the area of cyber security.
2-3 years of information security management system (ISMS) practice.
2–5 years of experience in cyber threat intelligence, incident response, or related security roles.
Strong understanding of threat intelligence frameworks (e.g., MITRE ATT&CK, Kill Chain, Diamond Model).
Experience with threat intelligence tools and platforms (e.g., OpenCTI, Recorded Future, Intel 471, ThreatConnect).
Good working knowledge of technical vulnerability management, application security, security technologies (system hardening, IDS/IPS, firewall, SIEM).
Certified Ethical Hacker (CEH).
Candidate must also be innovative, customer-focused and possess strong interpersonal and communication skills.
Are you ready to say hello to BIG Possibilities?
Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!
#J-18808-Ljbffr

About us

At wizlynx group, we're on a mission to fortify the digital defense of our clients by staying one step ahead of cyber threats. As a Red Team Specialist, you'll play a pivotal role in our cybersecurity team, focusing on emulating threat actors to assess and enhance the security of enterprise networks. Your mission: to penetrate, identify vulnerabilities, and simulate cyberattacks to strengthen our clients' defenses.

Key Responsibilities

Client engagements:

• Emulate threat actor tactics, techniques, and procedures to assess the security posture of client networks.
• Execute red teaming exercises, striving to achieve defined objectives, such as gaining domain admin privileges, accessing sensitive information, or simulating ransomware attacks.
• Stay updated on current threat actor groups, their tactics, and tools to replicate them effectively during client engagements.
• Demonstrate exceptional technical expertise and adaptability in assimilating new knowledge.
• Utilize your deep understanding of complex information systems and industry trends to identify vulnerabilities and communicate findings to the engagement team and client management through written reports and verbal presentations.

People development:

• Contribute to people-related initiatives, including coaching, recruiting, training, and staff retention.
• Foster a culture of continuous learning by maintaining an educational program to develop your personal skills and those of your team.
• Adhere to workplace policies and procedures, setting a positive example for your colleagues

Qualifications and attributes

Desired qualification include:

• A bachelor or master's degree in Information Systems, Computer Science, Engineering, or related fields
• 3+ years of recent experience in offensive security, including internal and external penetration testing, Red Teaming, and social engineering
• Possession of certifications such as OSEP, GXPN, CRTO, etc.
• Proven ability to work independently or within large, complex projects delivering offensive cyber security services.
• Proficiency in developing, extending, or modifying exploits and offensive security tools, as well as operational experience in exploitation, lateral movement, and persistence on Windows and Linux systems.
• Experience bypassing preventative and detective endpoint and network security controls, using C2 frameworks like Cobalt Strike and Metasploit, and leveraging common offensive security tools (e.g., nmap, CrackMapExec, Impacket, Responder, etc.).
• Strong OSINT collection and organization skills, both manual and automated.
• In-depth knowledge of modern offensive security tools and frameworks, including Bloodhound, nmap, and Impacket.
• Familiarity with the Cyber Kill Chain and the MITRE ATT&CK Framework.
• Coding skills, in any of the following languages: C#, Python, C++, Go, PowerShell, ASP.NET.
• Excellent knowledge of local Red & Purple Teaming frameworks and guidelines such as iCAST, TIBER-EU, ABS' Red Team Guidelines, etc.
• Advanced understanding of Windows and Unix operating systems internals
• Exceptional interpersonal, written, verbal, communication, and presentation skills.
• Proven experience in conducting penetration tests and red team assessments.
• Strong analytical skills and proficiency in data analytics methods.
• Demonstrated leadership abilities.

Language Skills:

• Excellent communication skills in English (written and spoken), other languages such as Mandarin is an advantage to serve Chinese speaking clients

What we are offering you

You will get the opportunity to work with the best cyber security experts in a multi-cultural environment.

At wizlynx group, you will also have the chance go to conferences, participate to ethical hacking competitions, attend advanced trainings and pass highly recognized certifications.

We are offering you to work in a thrilling, challenging but fun environment where what you do is important and meaningful. At wizlynx, there is no limit but the sky. If you wish to learn and get involved in other areas of cyber security or the business, we will ensure that you get all the help you need to succeed.

You will also get dedicated time for security research on topics that interest you the most.

• Execute security reviews, audits, and gap assessments across applications, infrastructure, and business processes.
• Provide strategic advisory to clients on cybersecurity governance, risk posture, and security program development.
• Carry out risk evaluations, threat modeling exercises, and vulnerability analysis to reduce exposure to cyber risks.
• Design and recommend client-specific security frameworks, standards, and policies.
• Guide organizations through compliance journeys involving ISO 27001, NIST CSF, PCI-DSS, SOC 2, GDPR, HIPAA, or country-specific regulations.
• Partner with IT, DevOps, and business leaders to integrate secure design principles into technology architectures.
• Assist in deploying security controls including IAM solutions, encryption methods, and monitoring platforms.
• Conduct penetration testing, source code reviews, and application security validation.
• Support incident handling by preparing response playbooks and advising during active security events.
• Lead training initiatives and awareness programs to strengthen security culture across organizations.

• Assessment & Testing : Skilled in penetration testing, vulnerability scanning, adversarial simulations (red/blue teams), and tools such as Nessus, Qualys, Burp Suite, Metasploit, and Wireshark.
• Infrastructure & Network Security : Knowledge of IDS/IPS, firewalls, WAF, VPNs, load balancers, and endpoint protection.
• Cloud Security : Practical experience in AWS, Azure, and GCP security services including IAM, cloud-native security, and compliance configurations.
• Application Security : Proficient in secure coding, OWASP Top 10 mitigation, and SAST/DAST tools (Veracode, Checkmarx, SonarQube).
• Governance, Risk & Compliance (GRC) : Expertise in implementing ISO 27001, NIST CSF, COBIT, SOC 2, PCI-DSS, GDPR, HIPAA frameworks.
• Identity & Access Management (IAM) : Implementation experience with MFA, SSO, and PAM solutions like CyberArk, Okta, and Azure AD.
• Incident Response & Forensics : Hands-on with SIEM (Splunk, QRadar, ELK), SOAR, malware analysis, and forensic investigations.
• Data Security & Cryptography : Knowledge of PKI, TLS, encryption methods, tokenization, and key management practices.
• Automation & Scripting : Capable of automating audits, reporting, and security workflows using Python, PowerShell, or Bash.

• Security certifications including CISSP, CISM, CISA, CEH, OSCP, CCSP, or ISO 27001 Lead Auditor/Implementer.
• Familiarity with Zero Trust models and securing containerized workloads (Docker, Kubernetes).
• Exposure to SOC operations and threat intelligence platforms.

Who are we?

Amaris Consulting is an independent technology consulting firm providing guidance and solutions to businesses. With more than 1,000 clients across the globe, we have been rolling out solutions in major projects for over a decade – this is made possible by an international team of 7,600 people spread across 5 continents and more than 60 countries. Our solutions focus on four different Business Lines: Information System & Digital, Telecom, Life Sciences and Engineering. We're focused on building and nurturing a top talent community where all our team members can achieve their full potential. Amaris is your steppingstone to cross rivers of change, meet challenges and achieve all your projects with success.

At Amaris, we strive to provide our candidates with the best possible recruitment experience. We like to get to know our candidates, challenge them, and be able to give them proper feedback as quickly as possible. Here's what our recruitment process looks like:

Brief Call: Our process typically begins with a brief virtual/phone conversation to get to know you The objective? Learn about you, understand your motivations, and make sure we have the right job for you

Interviews (the average number of interviews is 3 - the number may vary depending on the level of seniority required for the position). During the interviews, you will meet people from our team: your line manager of course, but also other people related to your future role. We will talk in depth about you, your experience, and skills, but also about the position and what will be expected of you. Of course, you will also get to know Amaris: our culture, our roots, our teams, and your career opportunities

Case study: Depending on the position, we may ask you to take a test. This could be a role play, a technical assessment, a problem-solving scenario, etc.

As you know, every person is different and so is every role in a company.  That is why we have to adapt accordingly, and the process may differ slightly at times. However, please know that we always put ourselves in the candidate's shoes to ensure they have the best possible experience. 

We look forward to meeting you

Job description

*ABOUT THE JOB *

• Review existing documentation and artefacts, ensuring compliance with the latest ISO 27001 specification.
• Create and implement new documentation and artefacts for unaudited areas.
• Lead risk assessment processes and ensure corrective actions are properly implemented.
• Coordinate with internal and external partners to achieve certification objectives.
• Act as the preferred point of contact during the certification process.

*ABOUT YOU *

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
• Certified ISO 27001 professional (latest version).
• Minimum of 5 years' experience in similar projects (certification renewal and initial issuance).
• Strong knowledge of risk assessment methodology and ISO 27001 compliance processes.
• Excellent communication and coordination skills to manage multiple stakeholders.
• Nice to have: Previous experience in airport or airline industry projects.

WHY AMARIS?

At Amaris Consulting, we believe in creating a thriving, positive workplace where every team member can grow, connect, and make a real impact. Here's what you can expect when you join our dynamic community:

• Global Diversity: Be part of an international team of 110+ nationalities, celebrating diverse perspectives and collaboration.
• Trust and Growth: With 70% of our leaders starting at entry-level, we're committed to nurturing talent and empowering you to reach new heights.
• Continuous Learning: Unlock your full potential with our internal Academy and over 250 training modules designed for your professional growth.
• Vibrant Culture: Enjoy a workplace where energy, fun, and camaraderie come together through afterworks, networking events, and more.
• Meaningful Impact: Join us in making a difference through our CSR initiatives, including the WeCare Together program, and be part of something bigger.

Equal Opportunity

Amaris Consulting is proud to be an equal opportunity workplace. We are committed to promoting diversity within the workforce and creating an inclusive working environment. For this purpose, we welcome applications from all qualified candidates regardless of gender, sexual orientation, race, ethnicity, beliefs, age, marital status, disability, or other characteristics.

We are seeking an experienced Security Consultant to assess, design and implement robust security solutions across enterprise environments, The role involves conducting risk assessments, developing security architecture, advising on compliance frameworks and guiding internal stakeholders to ensure security requirements are met across all systems and applications

Key Responsibilities

• Design, implement, and manage security measures for cloud environments.

• Conduct regular security assessments and audits of cloud infrastructure.

• Collaborate with cross-functional teams to integrate security best practices into cloud-based applications and services.

• Implement and maintain access controls, encryption, and other security features.

• Stay up to date with industry trends and emerging threats to proactively address potential vulnerabilities.

• Develop and document security policies, procedures, and guidelines for cloud environments.

What we are looking for:

• Relevant certifications such as AWS Certified Security - Specialty or Certified Cloud Security Professional (CCSP) are a plus.

• Excellent communication skills and the ability to collaborate with diverse teams.

• Organized, independent and able to work with minimal supervision in a fast-paced working environment and adhere to organizational process and governance.

• Minimum five (5) years of relevant IT experience in deploying and managing application and services on cloud, including the design, development, implementation and/or management of the solution.

• Proven experience as a Cloud Security Engineer or similar role, with a focus on AWS cloud services

• Good knowledge in security

• Strong understanding of cloud platforms such as AWS, Azure, or Google Cloud.

• Proficient in security concepts related to infrastructure as code (IaC) and containerization.

• Experience with security tools and technologies, such as Security Information and Events Management, Data Loss Prevention, Database Activity Monitoring, Data Security and Protection, Privileged Access Management, File Integrity Monitoring, Web Application Firewall, Intrusion Prevent etc.

• Conduct security assessments, audits, and gap analysis across infrastructure, applications, and processes.
• Advise clients on cybersecurity strategy, governance, and best practices.
• Perform risk assessments, threat modeling, and vulnerability management to identify and mitigate security risks.
• Develop and recommend security policies, standards, and frameworks tailored to client needs.
• Support clients in achieving and maintaining compliance with ISO 27001, NIST, PCI-DSS, GDPR, HIPAA, or local regulations.
• Collaborate with IT, DevOps, and business stakeholders to integrate security into architecture and design.
• Assist in the design and implementation of security controls, IAM, encryption, and monitoring systems.
• Conduct penetration testing, code reviews, and application security assessments.
• Provide incident response planning and advisory services during security events or breaches.
• Deliver security awareness training and build a culture of cyber resilience.

• Security Assessments & Testing: Expertise in penetration testing, vulnerability assessments, red/blue teaming, and use of tools like Nessus, Qualys, Burp Suite, Metasploit, Wireshark.
• Network & Infrastructure Security: Knowledge of firewalls, IDS/IPS, VPN, WAF, load balancers, and endpoint protection tools.
• Cloud Security: Hands-on experience with AWS, Azure, GCP security configurations, identity management, and cloud-native security tools.
• Application Security: Familiarity with OWASP Top 10, secure coding practices, SAST/DAST tools (SonarQube, Veracode, Checkmarx).
• Governance, Risk & Compliance (GRC): Strong knowledge of frameworks like ISO 27001, NIST CSF, COBIT, SOC 2, PCI-DSS, GDPR, HIPAA.
• Identity & Access Management (IAM): Implementation experience with SSO, MFA, PAM solutions (CyberArk, Okta, Azure AD).
• Incident Response & Forensics: Knowledge of SIEM (Splunk, QRadar, ELK), SOAR, malware analysis, forensic investigations.
• Cryptography & Data Protection: Understanding of PKI, TLS, tokenization, and encryption standards.
• Automation & Scripting: Ability to automate assessments and reporting using Python, PowerShell, or Bash.

• Security certifications: CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Auditor/Implementer.
• Knowledge of Zero Trust Architecture and container security (Docker, Kubernetes).
• Exposure to threat intelligence platforms and SOC operations.