Principal Responsibilities    Collaborate with technical and business teams to address security flaws and implement remediation plans.
   Oversee application security tasks, ensuring alignment with audit requirements and internal policies.
   Support change and incident management processes, with a focus on high-priority incidents (P1 & P2).
   Provide guidance to development and support teams on security-related ticket requirements and process expectations, ensuring SLA compliance.
   Act as a liaison with internal stakeholders to ensure clear communication and quality engagements.
   Support governance and administrative functions, including audit preparation and policy development.
   Compile and deliver regular reports, including weekly, monthly, and OSM-specific security metrics.
Required Key Skills (Functional/Technical)
Application Security & Vulnerability Management
   Familiarity with Common Vulnerability Scoring System (CVSS)
   Experience with tools like OWASP ZAP, Veracode, Rapid7 (on-prem), and Wiz.IO (cloud vulnerability            management and CSPM)
   Track and assist in the closure of identified vulnerabilities, working closely with IT and Development              teams
   Review and maintain secure configurations for systems, applications, and network devices
      Security Fundamentals
   Working knowledge of encryption, authentication, and secure data transmission
   Knowledge of network security principles and firewall configurations
   Familiarity with SSO and MFA using OKTA, and directory services such as MS Active Directory
   Experience with CyberArk PAM for privileged access management
     Security Information and Event Management (SIEM)
   Use of Splunk SIEM for real-time threat detection and log analysis
   Review and optimise SIEM use cases to enhance threat detection and response capabilities
     Monitoring & Endpoint Security
   Experience with Tanium and MS Defender for server and endpoint security management
   Familiarity with IBM Guardium for database activity monitoring
   Exposure to Cyera for data identification and classification
     Cloud & Infrastructure Security
   Experience with Wiz.IO for cloud security posture management (CSPM) and IaC scanning
   Understanding of secrets management using AWS Secrets Manager, Azure Key Vault, or GCP Secrets        Manager
   Familiarity with Thales and AWS KMS/HSM for key management
     Other Tools & Platforms
   Knowledge of SailPoint for identity governance
   Experience with CyCognito for external attack surface management
   Familiarity with Imperva for WAF, DDoS, and botnet protection
   Exposure to ProofPoint and MS Office365 Message Security for email security
   Use of 1Password for credential management
   Awareness of Netwrix for password policy enforcement