IT Security specialist.
Job Title:
IT Security Specialist
Department:
Information Technology
Reporting to:
IT Director
Key Role:
The IT Security Specialist is responsible for implementing and maintaining security measures that protect GUST’s systems, data, and applications. This individual will work closely with the IT department's teams, including applications, infrastructure, and helpdesk, to monitor and respond to security incidents, ensuring the confidentiality, integrity, and availability of GUST’s information assets. The role also involves securing application code and ensuring that development processes follow secure coding practices.
Responsibilities:
•	Collaborate with IT teams to maintain security across all systems, applications, and infrastructure.
•	Perform daily monitoring of security events, system logs, and alerts to detect and respond to potential security incidents.
•	Implement and maintain security configurations on systems, networks, and applications to align with industry best practices.
•	Conduct regular vulnerability assessments on infrastructure and applications, with a focus on both network and code-level vulnerabilities.
•	Ensure that secure coding practices are integrated into the development process by working closely with development teams.
•	Review and assess application code for security vulnerabilities, using tools like static and dynamic analysis to identify weaknesses.
•	Coordinate with the IT department to ensure timely application of security patches, updates, and configuration changes in response to identified vulnerabilities.
•	Deploy and maintain security monitoring tools to detect unauthorized access or suspicious activity across applications and systems.
•	Investigate and respond to security breaches or incidents, implementing corrective actions and documenting findings.
•	Assist in the development and delivery of security awareness programs, with a focus on secure coding and application security best practices.
•	Stay up-to-date with the latest trends in cybersecurity, including application security threats, code vulnerabilities, and emerging security technologies.
•	Provide support during internal and external audits, ensuring compliance with security standards and policies.
Qualifications:
•	Education: Bachelor's degree in Information Security, Cybersecurity, or a related field.
•	Experience: 3-5 years of hands-on experience in information security, with a focus on network security, system security, application security, and secure coding practices.
•	Certifications: Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are preferred.
•	Skills:
o	Strong knowledge of security tools and techniques, including firewalls, intrusion detection systems (IDS), and security information and event management (SIEM) solutions.
o	Expertise in conducting vulnerability assessments, penetration testing, and remediation for both infrastructure and applications.
o	Experience in reviewing and securing application code, utilizing tools such as static application security testing (SAST) and dynamic application security testing (DAST).
o	In-depth understanding of encryption, secure access control, threat management, and secure coding principles.
o	Excellent analytical and problem-solving skills related to information security threats, especially in the context of application and code security.
o	Ability to collaborate effectively with various IT teams to maintain security.
o	Strong communication skills for clear documentation and reporting of security incidents.
Behavioral Skills:
•	Team player who works well with IT colleagues in other departments, particularly development teams.
•	Detail-oriented with a focus on maintaining security integrity at both the application and infrastructure levels.
•	Self-motivated and capable of managing security-related tasks independently.
•	Ability to work efficiently under pressure and prioritize multiple security tasks, especially in application security.