Job Description

Requirements:

• 3–6 years of experience in Application Security, Platform Security, or Security Engineering roles.
• Hands-on experience with OPA and Rego, including policy authoring, bundle distribution, and admission controller integration.
• Strong understanding of Kubernetes security, including RBAC, Network Policies, Pod Security, and admission controllers.
• Experience working with Vault, including policies, transit secrets engine, PKI, and dynamic secrets.
• Hands-on experience with container and dependency scanning tools such as Trivy, Grype, Snyk, or Dependency-Track.
• Knowledge of supply chain security, including image signing using Cosign or Sigstore and SBOM generation.
• Proficiency in Python and/or Go for building security tooling and automation.
• Strong documentation and communication skills, including experience in writing threat models, policy design documents, and incident reports.
• Experience with tamper-evident audit systems, WORM storage, or hash-chained architectures.
• Familiarity with ABAC or ReBAC frameworks such as OPA, OpenFGA, or Cedar.
• Experience with compliance frameworks such as ISO 27001, SOC 2, or regional sovereign frameworks across Pakistan, UAE, and Saudi Arabia.
• Background in offensive security, including penetration testing, red teaming, or CTFs.
• Relevant certifications such as CISSP, OSCP, or CKS will be considered a plus.

Responsibilities:

• Implement, manage, and update information security policies and procedures in line with ISO 27001.
• Monitor network and endpoint security, investigate security issues, and respond to breaches.
• Perform vulnerability assessments, identify security gaps in networks and websites, and conduct penetration testing.
• Conduct internal audits and reporting related to ISO 27001 and technical compliance.
• Manage Windows Server Security, PowerShell, and Linux system administration.
• Ensure 100% deployment of endpoint security, email security, phishing protection, and malware protection solutions.
• Continuously audit systems to ensure the implementation of approved security controls.
• Coordinate with IT teams and other stakeholders on security-related initiatives and operations.
• Analyze IT requirements and provide objective security recommendations.
• Lead assigned tasks to completion while ensuring the timely execution of security operations.
• Stay updated on the latest security threats, trends, and technologies.
• Demonstrate adaptability and a creative approach to problem-solving.
• Perform additional duties and responsibilities as assigned by management.