Cyber Security Specialist

Cyber Security Specialist – Cloud Security & DevSecOps

We are hiring an experienced Cyber Security Specialist to join a high-performing Information Security team supporting critical cloud and application security initiatives. This role focuses on cloud security risk assessments, application security testing, DevSecOps integration, and CI/CD pipeline security for enterprise-scale environments supporting mission-critical operations.

Responsibilities

• Conduct cloud application security assessments to identify vulnerabilities, threats, and compliance gaps across AWS, Azure, and cloud-native environments
• Perform application penetration testing and dynamic security testing using tools such as Burp Suite Professional
• Execute IoT and ICS security assessments, including evaluation of OT environments and industrial security controls
• Partner with development and engineering teams to integrate security into CI/CD pipelines using GitLab
• Implement and maintain DevSecOps security tooling including SAST, DAST, SCA, container security, and IaC scanning
• Establish automated security gates and compliance checks within deployment pipelines
• Conduct threat modeling, security design reviews, and cloud workload risk assessments
• Perform third-party vendor security assessments and evaluate supply chain security risks
• Create detailed security assessment reports, remediation recommendations, and executive summaries
• Present security findings to technical teams, business stakeholders, and leadership
• Collaborate with application security teams to improve testing coverage and security processes
• Support secure coding initiatives and provide guidance on cloud security best practices
• Maintain documentation, runbooks, and security standards using tools like Jira, Confluence, and ServiceNow
• Prioritize and triage security findings based on business impact and risk severity

Qualifications

• 5+ years of hands-on experience in application security, penetration testing, or cloud security
• Strong expertise in AWS, Azure, cloud security architecture, IAM, and cloud-native security controls
• Advanced experience with Burp Suite Professional, including extensions, macros, and custom configurations
• Experience performing web application, API, IoT, and ICS/OT security assessments
• Deep understanding of OWASP Top 10, API security risks, and common application vulnerabilities
• Proven experience implementing security within GitLab CI/CD pipelines
• Hands-on knowledge of DevSecOps practices including shift-left security and infrastructure-as-code security
• Experience with SAST, DAST, SCA, container scanning, and Kubernetes/Docker security
• Knowledge of security frameworks including NIST, ISO 27001, CIS Controls, SOC 2, and cloud security benchmarks
• Strong analytical, problem-solving, and stakeholder communication skills
• Experience working in Agile development environments
• Ability to manage multiple concurrent security initiatives in fast-paced environments
• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)

Preferred Certifications

• CISSP
• CEH
• GWAPT
• CSSLP
• AWS Security Specialty or equivalent cloud security certifications

Nice to Have

• Experience supporting financial services or highly regulated enterprise environments
• Familiarity with IEC 62443 and operational technology security frameworks
• Experience with threat modeling and secure architecture reviews