Cyber Security Risk Assessment and Advisory Services(CSRA)

This role is for one of the Weekday's clients

Min Experience: 6 years

Location: Mumbai

JobType: full-time

Qualifications:

• Bachelor’s or Master’s degree in Computer Science, Information Technology, Engineering, or a related field
• Relevant certifications preferred: CISSP, OSCP, CRISC, CSSLP

Experience:

• 10–12 years in cyber security, including 8+ years of hands-on experience in:
• Security assessments for web, mobile, APIs, network, infrastructure, and platforms
• Risk evaluation for AI-driven products

Requirements

Technical Expertise:

• In-depth understanding of security frameworks and standards such as OWASP, SANS, MITRE ATT&CK
• Strong knowledge of threat vectors, exploitation techniques, and mitigation strategies
• Proficiency in threat modeling and gap analysis of security controls
• Familiarity with containerization technologies (Docker, OpenShift, Kubernetes) is a plus
• Experience in coding (1–2 years) is advantageous

Key Responsibilities:

• Perform architecture and data-flow reviews, threat modeling, and risk analysis
• Evaluate design documents (SRS, HLD/LLD, BCP) for potential security weaknesses
• Develop and maintain control checklists aligned with global security standards
• Conduct security risk assessments across applications, APIs, mobile platforms, microservices, infrastructure, and AI solutions
• Prepare comprehensive risk reports, classify risks based on severity, and monitor project adherence to security controls
• Recommend mitigation strategies and compensating controls to development and operations teams
• Collaborate effectively with internal teams, project managers, and customers
• Escalate high-impact risks that affect the overall security posture
• Keep up-to-date with evolving cyber threats and actively contribute to team knowledge sharing
• Train and mentor team members on security best practices and methodologies

Personal Attributes:

• Strong communication skills—both written and verbal
• High attention to detail and critical thinking ability
• Capable of explaining complex risk concepts in a clear, simple manner
• Skilled at managing multiple priorities in a fast-paced environment
• Self-motivated, adaptable, and able to work independently or as part of a team

Key Skills:

• Cybersecurity
• Risk Assessment & Advisory
• OWASP, MITRE, SANS
• CISSP, OSCP, CRISC (preferred)
• Threat Modeling
• Application & Infrastructure Security
• AI Product Risk Evaluation
• Container Security