Senior Cybersecurity Assurance Specialist

Role Overview

Security Assurance & Configuration Review

• Perform detailed security configuration reviews across enterprise security platforms, including DLP, XDR, PAM, CASP/EASP, WAF, Linux servers, and Email Relay/Email Security solutions.
• Evaluate implemented security controls to ensure alignment with organizational security policies, hardening standards, regulatory requirements, and industry best practices.
• Validate the effectiveness of security configurations and identify potential weaknesses, misconfigurations, and control deficiencies.

Vulnerability Assessment & Gap Analysis

• Conduct vulnerability assessments and security posture reviews across infrastructure, applications, and security platforms.
• Correlate vulnerability findings with configuration weaknesses, architectural risks, and control gaps.
• Perform security gap assessments against recognized frameworks, standards, and security baselines, including but not limited to ISO 27001, NIST Cybersecurity Framework, CIS Benchmarks, and organizational security requirements.
• Identify risks and provide actionable recommendations to enhance security resilience.

Reporting & Stakeholder Engagement

• Prepare comprehensive assessment reports containing technical findings, risk ratings, business impact analysis, supporting evidence, and remediation recommendations.
• Present assessment outcomes and executive summaries to cybersecurity leadership, technology teams, and business stakeholders.
• Collaborate with security operations, infrastructure, cloud, and application teams to support remediation planning and risk mitigation activities.
• Track remediation progress and provide assurance validation following corrective actions.

Security Governance & Compliance Support

• Support internal and external security audits, compliance reviews, and regulatory assessments.
• Contribute to the development and enhancement of security standards, hardening guides, assessment methodologies, and assurance procedures.
• Ensure all assessment activities are conducted using structured, repeatable, and risk-based methodologies.

Professional Standards & Working Principles

• Adhere to established security assessment methodologies and quality assurance standards.
• Ensure all findings are evidence-based, technically validated, and supported by risk-focused analysis.
• Maintain strict confidentiality when handling sensitive security configurations, logs, system information, screenshots, and assessment data.
• Deliver clear, practical, and business-aligned remediation recommendations.
• Manage assessment activities within agreed scope, timelines, deliverables, and quality expectations.
• Maintain high standards of documentation, communication, professionalism, and stakeholder engagement.

& Experience

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
• Minimum 7–10 years of experience in Cybersecurity Assurance, Security Assessment, Vulnerability Management, Security Architecture Review, or related cybersecurity disciplines.
• Proven hands-on experience conducting security configuration reviews, vulnerability assessments, control validation, and security assurance activities.
• Strong technical knowledge of:

• Privileged Access Management (PAM)

• Cloud Access Security Broker (CASB) / Enterprise Security Access Platforms (EASP)

• Linux Security Hardening & Assessment

• Email Security and Email Relay Platforms
• Experience with security hardening standards, secure configuration baselines, and control validation techniques.
• Strong understanding of cybersecurity risk management, governance, compliance, and security control frameworks.

Preferred Certifications

• One or more of the following certifications are highly desirable:
• CISSP – Certified Information Systems Security Professional
• CISA – Certified Information Systems Auditor
• Security+
• CEH – Certified Ethical Hacker
• GSEC – GIAC Security Essentials Certification
• ISO/IEC 27001 Lead Implementer or Lead Auditor

• GIAC Certifications (GCIA, GCSA, GSEC, GPEN)

• Vendor-specific certifications related to DLP, XDR, PAM, WAF, Linux Security, Email Security, or Cloud Security Platforms