Job Description

Roles & Responsibilities

Description:

• Lead the vulnerability management lifecycle, including scanning, validation, prioritisation, remediation tracking and closure verification.
• Perform technical assessment of vulnerabilities, misconfigurations, alerts and penetration testing findings, and define risk-based remediation actions.
• Implement, tune and maintain cyber security technologies and technical controls within assigned scope, including endpoint, network, identity, email, web and monitoring controls as applicable.
• Review security architecture, configurations, hardening baselines and segmentation arrangements, and recommend practical improvements.
• Support investigation, containment and recovery activities for cyber security incidents; provide technical analysis, evidence gathering and root-cause input.
• Coordinate remediation actions with infrastructure, applications, networks, telecoms, service owners and third-party vendors to ensure timely risk reduction.
• Conduct technical assurance reviews for systems, changes, projects and exceptions to confirm compliance with security requirements and control standards.
• Develop and maintain security procedures, playbooks, technical standards and documentation for assigned cyber security services and controls.
• Prepare clear technical reports, dashboards and management updates covering vulnerabilities, incidents, risks, trends and control effectiveness.
• Support internal and external audits, surveillance reviews and compliance assessments, and ensure timely closure of observations and action plans.
• Provide expert security advice to projects and operational teams on secure implementation, hardening requirements and control design.
• Identify automation and efficiency opportunities to improve repeatable cyber security tasks, reporting and monitoring effectiveness.
• Maintain current awareness of threat trends, attack techniques, defensive practices, regulatory expectations and relevant technologies.
• Provide technical guidance and knowledge sharing to junior staff, contractors and project resources as required.
• Perform other related duties as assigned.
• Demonstrate knowledge of Asset Management, HSE Management System and IT Security Standard requirements according to ISO 55001, ISO 14001, ISO 45001 / OHSAS 18001 and ISO 27001 in carrying out assigned responsibilities.

Desired Candidate Profile

Minimum Qualifications:

• Bachelor's degree in Cyber Security, Information Security, Computer Science, Information Systems, Information Technology or other relevant discipline.
• Master's degree or specialist post-graduate qualification is desirable.

Professional Experience:

• Minimum 5-8 years of progressively responsible experience in cyber security, information security or security engineering roles.
• Proven experience in vulnerability management, security tools / controls, hardening, technical assurance, incident response support and remediation coordination.
• Strong hands-on knowledge of vulnerability management, operating system and network hardening, endpoint and network security, SIEM / monitoring, IAM / PAM and security troubleshooting.
• Ability to analyse complex technical issues, prioritise based on risk, prepare clear technical reports and influence corrective action across multiple stakeholders.
• Good working knowledge of ISO 27001, security baselines, audit evidence requirements and security control implementation practices.
• Awareness of utility / critical infrastructure cyber risks and the need to protect service continuity and operational resilience.
• Good understanding of how cyber security engineering supports service continuity, auditability, risk reduction and regulatory compliance within a critical infrastructure environment.