• Would you like to join the leading international intergovernmental organization?
  
  The Centre for Maritime Research and Experimentation (CMRE) is an established, world-class scientific research and experimentation facility that organizes and conducts scientific research and technology development centred on the maritime domain. It delivers innovative and field-tested science and technology (S&T) solutions to address defence and security needs of the Alliance.

• Responsibilities:

• Perform vulnerability assessments, penetration testing, and security evaluations to identify and address weaknesses across IT infrastructure

• Design, develop, and maintain security architectures for enterprise, cloud, and hybrid environments incorporating threat modelling and risk management principles

• Assess and ensure compliance with security frameworks, conduct audits, document findings, and drive continuous improvement initiatives

• Provide strategic guidance on emerging technologies, risk mitigation strategies, and alignment of security controls with business objectives

• Work with software development teams to ensure secure software development lifecycle in employed and create guidelines and material to document the security aspects

• Audit source code to ensure compliance with security frameworks, document findings, and work with developer to increase the security posture of the code

• Conduct penetration test and vulnerability scanning, adapting/defining frameworks and processes to ensure software application are secure across the whole life cycle

Essential Qualifications & Experience:

• A minimum requirement of a bachelor’s degree at a nationally recognised/certified University in an information systems, physics or electronics related scientific or engineering discipline

• A minimum of 3 years of experience in defining and implementing secure software development lifecycle (SDLC), employing a shift-left security culture

• Professional experience in threat modelling, security code review, static/dynamic code analysis, software supply chain security framework (e.g. SLSA)

• Professional experience in vulnerabilities scanning and remediation

• Professional expertise in manual and automatic penetration test (white/grey/black-box)

• Deep understanding of cybersecurity frameworks including ISO/IEC 27001, NIST SP-800 series, GDPR, and industry-specific regulatory requirements with ability to translate standards into practical security controls

• Industry-recognized security certifications such as CISSP, CISM, CRISC, CISA, CompTIA Security+, or equivalent credentials demonstrating commitment to professional development

• Professional hands-on expertise with enterprise security tools including firewalls, intrusion detection and prevention systems, security information and event management (SIEM) platforms, and identity and access management solutions

• Strong capability to analyze security breaches, identify root causes, assess complex vulnerabilities, and develop effective remediation strategies based on technical evidence and threat intelligence

• Excellent ability to document technical security architecture, produce comprehensive reports, write Standard Operating Procedures, communicate risk to stakeholders at all levels, and work effectively across multidisciplinary teams

• Good level of spoken and written English

If you've read the description and feel this role is a great match, we'd love to hear from you! Click "Apply for this job" to be directed to a brief questionnaire. It should only take a few moments to complete, and we'll be in touch promptly if your experience aligns with our needs.