Security Specialist

3+ years of experience in cybersecurity, information security, or security operations. Hands-on experience with Data Loss Prevention (DLP) tools and data classification frameworks. Strong data flow mapping expertise. Solid understanding of cloud security concepts, encryption, and cloud-native security tools (AWS preferred). Expertise in IAM and Access Control Monitoring (least-privilege models, RBAC, MFA, anomaly detection). Familiarity with audit logging, SIEM tools, vulnerability management, and endpoint security. Experience with incident response processes and playbooks. Strong understanding of MITRE ATT&CK, threat actors, and common attack vectors. Working knowledge of compliance standards such as GDPR, SOC 2, and data protection regulations. Excellent communication skills. Experience working in fintech, blockchain, or DeFi environments (Nice-to-Have). Familiarity with cryptographic concepts, wallets, smart contracts, or key-management practices (Nice-to-Have). Certifications such as Security+, CySA+, GSEC, GCIH, OSCP, CCSP, or similar (Nice-to-Have). Experience automating security workflows using scripting languages (Nice-to-Have). Exposure to ISO 27001, SOC 2 Type II audits, or similar security frameworks (Nice-to-Have).

Monitor, analyze, and respond to security events. Implement and manage SIEM, IDS/IPS, endpoint protection, and logging infrastructure. Conduct vulnerability assessments and coordinate remediation. Oversee secure configuration baselines. Implement and enforce Data Loss Prevention (DLP) policies. Perform detailed data flow mapping. Secure cloud environments (AWS preferred). Manage cloud access policies, network segmentation, secrets management, and continuous monitoring. Support compliance frameworks (GDPR, SOC 2, ISO 27001). Develop and maintain internal security policies and procedures. Serve as the Access & Control Monitoring expert. Perform regular access reviews and privilege audits. Deliver security awareness training and simulations. Lead incident response processes. Maintain and improve the incident response playbook. Collaborate with engineering teams on secure-by-design practices (bonus). Conduct application security reviews, threat modeling, and code analysis (bonus). Contribute to architecture decisions for new features and infrastructure (bonus).