We are seeking for a senior cybersecurity professional responsible for advancing security testing, offensive security, and secure-by-design capabilities across a large ministry ecosystem. Acts as a technical authority bridging governance with hands-on execution, driving a shift from reactive security to proactive, standardized, and resilient security practices.

Mandatory Skill(s)

• Minimum 8 years of hands-on technical experience in cybersecurity, with a strong focus on offensive security and application security;
• Must have OSCP certification – mandatory for Security Services role;
• Must have proven experience conducting penetration testing across web applications, IT systems, cloud platforms, and complex network environments;
• Expertise in manual and automated source code reviews; strong understanding of secure software development lifecycle (SSDLC);
• Ability to read and analyze code in Java, Python, .NET, and JavaScript;
• Proficiency with SAST, DAST, SCA, and VAPT tools such as Checkmarx, Fortify, SonarQube, Snyk, and Burp Suite;
• Strong understanding of MITRE ATT&CK framework, adversary TTPs, and hands-on use of CI/CD tools (Jenkins, GitLab CI, GitHub Actions);
• Practical experience working in cloud environments, including government-regulated cloud platforms;
• Ability to clearly communicate complex technical risks to non-technical stakeholders.

Desirable Skill(s)

• OSWE (Offensive Security Web Expert), CASE, GWEB, or equivalent advanced security certifications;
• Experience leading red team engagements and adversary simulation exercises;
• Strong analytical skills to identify recurring security gaps and improve testing quality;
• Demonstrated ability to mentor teams and uplift security maturity across multiple organizations;
• High intellectual curiosity with continuous learning mindset in evolving threat landscapes.

Responsibilities

• Define and maintain ministry-wide security testing frameworks covering Vulnerability Assessment and Penetration Testing (VAPT);
• Develop and roll out SOPs for engaging external security vendors and managing internal security testing cycles;
• Create quality rubrics to assess penetration testing vendors and conduct periodic reviews of testing reports;
• Lead complex red teaming exercises and advanced penetration tests on high-impact systems;
• Simulate real-world adversary attacks using current threat actor tactics, techniques, and procedures (TTPs);
• Continuously monitor the global threat landscape and update security testing standards accordingly;
• Establish and enforce secure coding standards aligned with OWASP and SANS guidelines;
• Lead strategies for Static Application Security Testing (SAST) and Software Composition Analysis (SCA);
• Evaluate and recommend security tools for source code analysis and third-party library risk detection;
• Provide guidance on integrating security tools into CI/CD pipelines (DevSecOps);
• Review and recommend systems that improve overall code quality with security as a core principle;
• Track emerging technologies including cloud-native security and AI-assisted development to enhance resilience;
• Act as a trusted advisor to senior technology and security stakeholders on secure-by-design practices;
• Build and manage communities of practice to harmonize security testing efforts across agencies.

If you are interested in this role, click on the “Apply to this job” button below or you could also write in with your CV to Dianne Antonio at dianne.a@sciente.com quoting the job title.