IT Security Officer (Public Sector) - Part-Time

• 1-year contract, renewable
• Hybrid work arrangement
• Government project

Key Responsibilities

• Perform threat modelling and establish threat profiles to identify, assess, and remediate application security risks.

• Review application architectures, APIs, and cloud environments to ensure compliance with security best practices.

• Conduct security testing using SAST tools such as Fortify-on-Demand, SonarQube, and similar solutions.

• Track, manage, and remediate security vulnerabilities through timely patching and mitigation activities.

• Work closely with development, DevOps, and infrastructure teams to integrate security controls into CI/CD pipelines.

• Conduct security awareness training and provide security advisory support to project teams.

• Ensure adherence to security standards and frameworks such as OWASP Top 10 and OWASP ASVS.

Requirements

• Minimum 4 years of experience in software development, application security, and/or cloud computing (AWS preferred).

• Strong understanding of web and mobile application security, API security, and related technologies (REST, SOAP, SSL/TLS).

• Experience in threat modelling and application security risk assessment.

• Familiarity with Agile development methodologies, DevOps practices, and CI/CD pipelines.

• Hands-on experience with security scanning tools such as Fortify-on-Demand, SonarQube, or equivalent.

• Good knowledge of security best practices and secure software development lifecycle (SSDLC).

• Strong analytical, troubleshooting, communication, and stakeholder management skills.

• Ability to work independently and collaboratively within cross-functional teams.

Preferred Qualifications

• Relevant certifications such as CISSP, OSCP, AWS Security Specialty, AWS DevOps Engineer, or equivalent.

• Experience working in Government environments.

• Experience with Government Commercial Cloud (GCC) environments.