Job Description

To design, implement, and maintain robust cybersecurity and information security frameworks that protect Sol-Millennium's global digital infrastructure and sensitive data assets. The position plays a critical role in enabling secure digital transformation, maintaining compliance with international data protection regulations, and protecting the trust of customers and stakeholders through proactive threat management and governance.



Develop, enforce, and maintain information security policies, standards, and controls aligned with industry best practices (e.g., NIST, ISO 27001). Identify, evaluate, and remediate system and application vulnerabilities, prioritizing the resolution of known opportunities. Configure and maintain core security infrastructure, including firewalls, SIEM, IDS/IPS, endpoint protection, and identity access controls. Monitor threat intelligence feeds and respond to real-time threats; support the implementation of a 24/7 Security Operations Center (SOC) or SIEM platform. Conduct risk assessments, security audits, and compliance reviews across cloud, on-premises, and hybrid environments. Ensure adherence to international security and privacy regulations such as GDPR, HIPAA, and other applicable regional standards. Lead phishing simulation exercises and drive end-user cybersecurity awareness programs. Collaborate with DevOps and IT teams to embed security controls into CI/CD pipelines (DevSecOps). Support compliance audits and maintain regulatory remediation tracking. Identify and mitigate risks related to:

Legacy systems and misconfigurations

, which expose critical attack surfaces.

Delayed breach detection

, which can significantly increase operational and reputational impact.

Unpatched known vulnerabilities

, which leave extended exposure windows for attackers.

Outdated software components

, often exploited in ransomware attacks across endpoints and servers.

Database vulnerabilities

, ensuring proper hardening and access control.

Third-party SaaS platforms

, enforcing secure configurations and vendor risk management. Evaluate third-party vendors for alignment with internal data security and privacy standards. Develop and operationalize incident response know how. Coordinate the design or vendor selection of a 24/7 Security Operations Center and SIEM platform. Lead remedy efforts for legacy applications and infrastructure with a focus on misconfigurations and technical debt reduction Establish and report on key security metrics, phishing simulation failure rates, and policy audit results Assess and monitor third-party platforms and SaaS tools for security risks, and enforce secure vendor onboarding standards

Essential tools hands on,

Qualys/Nessus/Rapid7

Microsoft Sentinel

Metasploit Framework/Burp Suite/Nmap

Microsoft Defender for Endpoint

Wireshark

Azure Active Directory/Ping Identity

Microsoft Defender for Cloud

Microsoft Purview Compliance Manager

Microsoft Threat Intelligence

Microsoft Defender XDR



Qualifications:



Minimum 5 years of experience in both Information Security and Cybersecurity roles Hands-on experience with SIEM tools, endpoint protection, firewalls, and network security Solid understanding of security governance, data classification, IAM, and compliance frameworks * Demonstrated ability to handle incident response and lead vulnerability remediation efforts