Cyber Security Specialist

Under the coordination of the Cyber Security Manager, the Cyber Security Specialist is responsible to validate the engineering, implementation and operational security controls that protect GCGRA business applications and enterprise IT assets.

This role places a strong emphasis on cyber defence operations, vulnerability management, security assessment, incident response and threat hunting, ensuring a resilient and proactive security posture across the organization.

The Specialist leads and supports the protection of Microsoft 365 SaaS cloud business services and other corporate environments, safeguarding the confidentiality, integrity, and availability of GCGRA assets.

This includes implementing and monitoring solutions like advanced threat detection, Security Information Event Management (SIEM), hardening of systems and applications, and continuously evaluating security controls against evolving threats.

As a key contributor to Security Architecture & Engineering, and Cyber Security Operations Center (CSOC) functions, the role is responsible for monitoring, analyzing, and responding to security events, as well as identifying and remediating vulnerabilities across cloud and on-premise environments.

The Specialist drives proactive defence strategies by leveraging threat intelligence, conducting security assessments and incident handling, and coordinating timely mitigation of risks in mission-critical environments.

Support the engineering, execute the deployment and harden GCGRA advanced security controls, including L7 firewalls, IPS, VPN, Endpoint Detection and Response (EDR/XDR) and Data Protection solutions.

Security Monitoring & Detection: Operate and optimize SIEM/XDR/M365 security stack for continuous monitoring, alert triage, and investigation, ensuring log integrity, use case tuning, and reduced false positives.

Incident Response & Threat Handling: Execute end-to-end incident response (detect, analyze, contain, eradicate, recover) supported by root cause analysis and standardized runbooks.

Threat Hunting & Intelligence: Enhance detection through proactive threat hunting, use case refinement, and integration of global/regional threat intelligence.

Cloud & Identity Security: Secure M365 and identity platforms by enforcing Conditional Access, monitoring anomalous activities, and aligning with Zero Trust principles.

Security Automation & SOAR: Develop and maintain SOAR playbooks to automate response actions, improve consistency, and reduce mean time to respond (MTTR).

Operational Coordination & Reporting: Collaborate with internal/external stakeholders, maintain operational documentation, and report on incidents, risks, and security posture.

Security Leadership: Mentor and guide SOC analysts and engineers, fostering continuous improvement in detection and response capabilities.

Lead the establishment and optimization of the Security Operations Center (SOC) function, including strategy design, team building, and automated response workflows.

Vulnerability Management (RBVM): Lead end-to-end vulnerability lifecycle (scanning, prioritization, remediation) using risk-based approaches to address critical and actively exploited vulnerabilities.

Security Assessment & Hardening: Identify misconfigurations, shadow IT, and infrastructure weaknesses; drive remediation and system hardening across cloud and on-prem environments.

Security Posture & Compliance: Continuously assess and improve security posture in alignment with international standards (e.g., NIST, ISO 27001) and regional regulations (e.g., NESA, SIA).

Threat & Risk Assessment: Perform targeted risk assessments on critical assets and infrastructure, defining and tracking mitigation strategies.

Tooling & Platforms: Utilize enterprise vulnerability management and security platforms (e.g., Qualys, Tenable, Microsoft Defender) to support continuous exposure management.

Contribute to the design and engineering of advanced cybersecurity systems to protect M365 SaaS cloud and on-premise environments.

Project Management: Support the execution of secure engineering and system upgrades, including risk assessments, and project scheduling.