Cyber Security Lead

Avrioc Technologies, headquartered in Abu Dhabi, UAE, specializes in developing applications, software, games, and AI models that enhance daily experiences. The company is dedicated to innovation and continuous growth, aiming to transform ordinary experiences into extraordinary ones.

The Cyber Security Lead will report directly to the CISO/Manager and will focus on cloud infrastructure security, application security, incident response, and red teaming. The ideal candidate should have deep expertise in AWS Cloud environments and possess advanced knowledge of offensive security strategies, vulnerability management, and threat mitigation. This role involves driving cross-functional collaboration, managing a team of security professionals, and ensuring the organization’s security posture remains robust and proactive against emerging threats.

Responsibilities:

• Develop and execute cybersecurity strategies for AWS Cloud Infrastructure, application security, and related services.
• Collaborate with DevOps, IT, and development teams to embed security into all processes and workflows.
• Implement and maintain cloud security controls (CSPM, CWPP, CNAPP, CIEM, DSPM, IaC) to ensure compliance with industry best practices.
• Integrate and manage DevSecOps tools into CI/CD pipelines to embed security in the SDLC and manage API security frameworks effectively.
• Design, review, and maintain secure application architectures at all development stages; well-versed in OWASP Top 10, MAST, SAST, and DAST methodologies and best practices.
• Conduct Threat Hunting and lead Red Teaming exercises to proactively identify and mitigate security gaps.
• Oversee secure code reviews to detect and address vulnerabilities early in the development lifecycle.
• Lead incident response efforts, ensuring rapid detection, containment, and remediation of security threats.
• Conduct post-incident reviews and implement actionable improvements to enhance defense.
• Manage software supply chain security and assess third-party software to minimize supply chain risks.
• Optimize and manage Web Application Firewalls (WAF) and Cloud Firewalls to protect against evolving threats.
• Lead Vulnerability Assessment and Penetration Testing (VA/PT) programs for mobile and web applications.
• Design and execute phishing campaigns and employee security awareness programs.

Qualifications:

• Bachelor’s or master’s degree in information technology or computer science.
• Relevant industry-leading cybersecurity certifications such as CISSP, CISM, CCSP, CASP+, OSCP, or Security+.
• 8–12 years of experience in cybersecurity, with at least 3–5 years in a team leadership role.
• Proven expertise in managing cloud infrastructure security, application security architecture, and incident response programs.
• Hands-on experience with red teaming, secure code review, and vulnerability management.
• Strong expertise in API security, WAF management, and secure software development practices.
• Excellent ability to collaborate with cross-functional teams and influence strategic decision-making.

Language Requirements: Not specified.