Cybersecurity Specialist

About the role

The Cybersecurity Specialist will establish and operate core cybersecurity controls for Petromin. This role covers security monitoring, identity and access management, endpoint, email, network and cloud security, vulnerability management, incident response, awareness, documentation and compliance support. The specialist is expected to leverage approved AI and automation tools to improve efficiency while protecting confidential data.

Key responsibilities

• Establish, operate and continuously improve day‑to‑day cybersecurity controls across Petromin systems, users, branches and digital platforms.
• Monitor security alerts from Microsoft 365/Entra, endpoint protection, firewalls, email security, SIEM/MSSP tools and other sources; investigate and promptly escalate.
• Administer core controls including MFA, privileged access, endpoint protection, email/web security, secure configuration baselines and periodic access reviews.
• Perform vulnerability scanning, patch validation, configuration hardening and risk‑based remediation tracking with IT infrastructure and application teams.
• Support incident response by triaging alerts, collecting evidence, containing threats, coordinating recovery, documenting root cause and improving playbooks.
• Build and maintain practical security policies, standards, SOPs, asset/control inventories, exception logs and security dashboards.
• Conduct phishing awareness, security training and user guidance in coordination with HR, IT and business units.
• Review new systems, cloud services, integrations and vendor solutions for cybersecurity risks before deployment.
• Use approved AI and automation tools responsibly to accelerate alert triage, threat research, reporting, policy drafting, scripting and repetitive security tasks without exposing confidential data.
• Support audits, compliance evidence, risk assessments, third‑party security reviews, backup/DR testing and management reporting.

Required profile

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering or equivalent practical experience.
• Preferred certifications: Security+, CySA+, CEH, SC-200, AZ-500, CCNA Security, ISO 27001 Foundation; Microsoft security certifications are a plus.
• 1‑5 years of hands‑on experience in cybersecurity, IT security, SOC, infrastructure security or a similar technical security role, preferably in a lean environment.

Required skills

• Microsoft 365 / Entra ID
• Multi‑Factor Authentication (MFA) and Identity & Access Management (IAM)
• Endpoint Detection & Response (EDR) / antivirus solutions
• Firewalls and VPN technologies
• Email and web security solutions
• Vulnerability scanning and patch management tools
• Security Information and Event Management (SIEM) and Managed Security Service Provider (MSSP) platforms
• Secure configuration baselines and hardening practices
• AI‑enabled automation tools for security operations