Gaditek is in search of a highly motivated, hard-working, intelligent, and passionate individual to join our tactical security ops team as Senior Information Security Specialist and keep us one step ahead of threats, hackers and malicious activities across the network, cloud, endpoint and mobile devices.
This position will be a part of the Security Engineering (SE) team responsible for establishing a unified enterprise security architecture to secure our brand’s information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of our brand’s customers and employees. The candidate will have the opportunity to directly drive and contribute with projects associated across all types including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS).
Why is this role important for GADITEK’s work?
GADITEK’s mission is to support its brands with the right talent so they can take us to new levels of excellence in existing and non-existing areas; and in the process, make them more valuable and relevant in the marketplace.
We believe in staying one step ahead of threats, hackers and malicious activities across the network, cloud, endpoint and mobile devices. And this role is critical for creating an impermeable, iron-clad security mesh around our network and securing our competitive advantage as we continue to set and achieve aggressive goals.
Once you are here, you will:
Work with all stakeholders to implement cloud security architectures and best practices by determining security requirements and proposing solutions that balance business needs with information & cybersecurity needs.
Assist in guiding, prioritizing, and measuring our efforts in achieving and maintaining onsite and cloud security.
Perform internal cloud services security reviews and recommend changes or enhancements for identified security design gaps in existing and proposed architectures.
Align security standards, frameworks, and policies with overall business and technology strategy. Drive organization towards certifications such as ISO 27001 and others.
Design and build prototype security solutions, including security specific test cases.
Perform and facilitate security reviews and threat modeling exercises, identifying attack vectors that may be used to exploit cloud services and working collaboratively and proactively to remediate them.
Drive on-going security testing for vulnerabilities utilizing both automated and manual testing tools.
Identifying and communicating current and emerging onsite and cloud security threats, including specifying requirements and controls to mitigate threats as they emerge.
Assist with security reviews of third-party vendors and services providers when needed.
Assist with Incident Response as required and contribute to GDPR breach notification efforts.
Work across the company to identify and implement GDPR requirements, related to cloud services offerings.
What does GADITEK offer you?
GADITEK is a new age company that is focused on just one thing: keeping you relevant in the market. We work hard. Harder than most other places of work in the same hours. But we also purposefully find ways to allow our teams to enjoy work together. As a result, we’re among the top IT and technology companies in Pakistan.
Working with us, you will never have to worry about being left behind in the market or losing your market value. You will always remain market competitive, work on challenging new projects that require you to put your knowledge and experience to create amazing solutions that you’re proud of and which help us go to new places.
2+ years of technical leadership experience in the software security field including customer interfacing
Minimum 6+ years familiarity with cloud-based applications, server-based software, mobile applications, and embedded software
Minimum 5+ years with incorporating cybersecurity into software development processes and programs
Master's degree in Computer Science or Cybersecurity.
Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP.
Background in systems engineering.
Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response.
Understanding of security by design principles and architecture level security concepts.
Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.