9 Security Consultant jobs in Pakistan

• Security Strategy & Governance: Develop, implement, and update security policies, procedures, and controls to align with global standards (ISO 27001, NIST, GDPR, PCI DSS).
• Risk & Vulnerability Management: Conduct regular risk assessments, vulnerability scans, penetration testing, and security audits to proactively identify and remediate threats.
• Incident Response & Forensics: Monitor security systems, investigate incidents, perform root cause analysis, and lead incident response activities to minimize impact and prevent recurrence.
• Compliance & Audit Readiness: Ensure organizational compliance with local and international regulations, prepare documentation, and support internal/external security audits.
• Infrastructure & Cloud Security: Provide expert guidance on securing networks, applications, endpoints, and cloud environments (Azure, AWS, etc.).
• Data Protection & Access Control: Design and implement robust identity, access management, and encryption strategies to safeguard sensitive information.
• Awareness & Training: Conduct security awareness programs and workshops for employees and client teams to strengthen security culture.
• Advisory & Consulting: Work closely with business units, IT teams, and client stakeholders to integrate security requirements into new solutions, projects, and digital transformation initiatives.
• Reporting & Documentation: Prepare detailed reports, dashboards, and presentations on risk posture, incidents, compliance gaps, and remediation plans for senior management and clients.

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field.
• 5+ years’ experience in information security or cybersecurity consulting.
• Hands-on expertise with firewalls, IDS/IPS, SIEM, DLP, endpoint security, and cloud security tools .
• Strong knowledge of security frameworks and regulatory compliance.
• Preferred certifications: CISSP, CISM, CEH, ISO 27001 LA/LI .

• Security Strategy & Governance: Develop, implement, and update security policies, procedures, and controls to align with global standards (ISO 27001, NIST, GDPR, PCI DSS).
• Risk & Vulnerability Management: Conduct regular risk assessments, vulnerability scans, penetration testing, and security audits to proactively identify and remediate threats.
• Incident Response & Forensics: Monitor security systems, investigate incidents, perform root cause analysis, and lead incident response activities to minimize impact and prevent recurrence.
• Compliance & Audit Readiness: Ensure organizational compliance with local and international regulations, prepare documentation, and support internal/external security audits.
• Infrastructure & Cloud Security: Provide expert guidance on securing networks, applications, endpoints, and cloud environments (Azure, AWS, etc.).
• Data Protection & Access Control: Design and implement robust identity, access management, and encryption strategies to safeguard sensitive information.
• Awareness & Training: Conduct security awareness programs and workshops for employees and client teams to strengthen security culture.
• Advisory & Consulting: Work closely with business units, IT teams, and client stakeholders to integrate security requirements into new solutions, projects, and digital transformation initiatives.
• Reporting & Documentation: Prepare detailed reports, dashboards, and presentations on risk posture, incidents, compliance gaps, and remediation plans for senior management and clients.

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field.
• 5+ years’ experience in information security or cybersecurity consulting.
• Hands-on expertise with firewalls, IDS/IPS, SIEM, DLP, endpoint security, and cloud security tools .
• Strong knowledge of security frameworks and regulatory compliance.
• Preferred certifications: CISSP, CISM, CEH, ISO 27001 LA/LI .

We are seeking a highly skilled and motivated Mid-Tier Cyber Security Consultant with 4–5 years of proven experience in Vulnerability Assessment and Penetration Testing (VAPT), client handling, and red teaming. The ideal candidate will be a self-motivated professional with strong technical expertise and exceptional soft skills, capable of delivering high-quality services in a fast-paced, client-focused environment. Preference will be given to candidates with relevant certifications and experience in a vendor-side company.

Key Responsibilities

• Vulnerability Assessment and Penetration Testing (VAPT):
  • Conduct comprehensive vulnerability assessments and penetration tests on web applications, networks, cloud environments, and mobile applications.
  • Identify, analyze, and prioritize security vulnerabilities using industry-standard tools and methodologies.
  • Develop detailed technical reports with findings, risk assessments, and remediation recommendations tailored to technical and non-technical stakeholders.
  • Stay updated on emerging threats, vulnerabilities, and attack vectors to enhance testing methodologies.

• Red Teaming:
  • Plan and execute advanced red team engagements, simulating real-world cyberattacks to test organizational defenses.
  • Perform reconnaissance, social engineering, privilege escalation, and lateral movement to identify weaknesses in security controls.
  • Collaborate with blue teams to validate detection and response capabilities, providing actionable insights to improve security posture.
  • Document red team activities, including attack scenarios, methodologies, and outcomes, in clear and concise reports.

• Client Handling:
  • Act as the primary point of contact for clients, building strong relationships and ensuring clear communication throughout the engagement lifecycle.
  • Conduct scoping meetings, gather requirements, and tailor security assessments to meet client-specific needs and objectives.
  • Present findings and recommendations to clients in a professional and approachable manner, addressing both technical and business audiences.
  • Manage client expectations, resolve concerns promptly, and ensure high levels of client satisfaction.

• Project Management and Delivery:
  • Manage multiple concurrent projects, ensuring timely delivery of high-quality results within scope and budget.
  • Develop project plans, timelines, and deliverables in collaboration with internal teams and clients.
  • Proactively identify risks and challenges in engagements and implement solutions to maintain project momentum.

Required Qualifications

• Experience:
  • 4–5 years of hands-on experience in cyber security, with a focus on VAPT and red teaming.
  • Proven track record in a vendor-side company, delivering security services to diverse clients across industries.
  • Demonstrated experience in managing end-to-end VAPT engagements, including scoping, execution, and reporting.
  • Hands-on experience in red team operations, including adversarial simulation and advanced attack techniques.
• Certifications (Preferred):
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • GIAC Penetration Tester (GPEN)
  • Certified Red Team Professional (CRTP)
  • Other relevant certifications (e.g., CompTIA PenTest+, CISSP, or equivalent)
• Soft Skills:
  • Excellent communication and presentation skills, with the ability to explain complex technical concepts to non-technical stakeholders.
  • Strong interpersonal skills, with a client-centric approach to build trust and long-term relationships.
  • Self-motivated and proactive, with a strong sense of ownership and accountability for deliverables.
  • Ability to work independently and collaboratively in a team-oriented environment.
• Preferred Qualifications
  • Experience working in a vendor-side cyber security firm, delivering services to clients in sectors such as finance, healthcare, or technology.
  • Familiarity with compliance frameworks such as ISO 27001, GDPR, or NIST.
  • Ability to mentor junior team members and contribute to knowledge-sharing initiatives.

E T Consultant - Country Security Specialist

Description

Do you want to build a career that is truly worthwhile? Working at the World Bank provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank consists of two entities – the International Bank for Reconstruction and Development (IBRD) and the International Development Association (IDA). It is a global development cooperative owned by 189 member countries. As the largest development bank in the world, the World Bank provides loans, guarantees, risk management products, and advisory services to middle-income and creditworthy low-income countries, and coordinates responses to regional and global challenges. Visit

Global Corporate Solutions

Reporting to the Managing Director and World Bank Chief Administrative Officer, the Global Corporate Solutions (GCS) department provides a broad range of shared corporate services that are needed for the effective functioning and mission of the WBG to include: Corporate Security; Corporate Real Estate & Facilities and Corporate Services.

Corporate Security
Corporate Security (GCSSC) is responsible for the strategic security program that empowers the WBG to carry out its business worldwide. The division’s mission is to support global operations by employing risk mitigation strategies and promoting the principle of a shared responsibility for security and safety. Corporate Security (GCSSC) staff serve at both WBG Headquarters in D.C. and in Bank Group offices in more than 100 countries.

Role and Responsibilities

The World Bank Group in Pakistan consists of offices in Islamabad and Karachi with national and non-national staff, as well as visiting mission staff. The position of Extended Term Consultant Country Security Specialist (CSS) will be Locally Recruited Staff and located in the Country Office in Karachi. The position of Extended Term Consultant CSS will be for an initial duration of one (1) year.

The incumbent CSS will report to, and receive support and direction from the regional CS Manager through the India-based Senior Security Specialist (SSS) for the South Asia region.
The incumbent will advise and consult with management in the WBG Offices of responsibility and will discharge his/her assignment under the direct authority and guidance of the IBRD and IFC Heads of Office in each location.

The CSS may, when requested, be required to provide occasional back-up support to WBG Country Offices and other Country Security Specialists in region, and possibly to other geographical regions, and may be required to travel on short notice. In addition, the CSS will serve in a full-time capacity and on-call for emergencies.

The duties of the Country Security Specialist are to provide security support to WBG Country Office Management and staff in the following areas: a) security risk management; b) security awareness; c) contingency planning; d) protective operations; e) guard force contract management; f) provide 24-hour on call emergency security support to the IBRD and IFC Country Offices and staff in the assigned portfolio.

A. Security Risk Management:
1. Assist Senior Security Specialist (SSS) and Country Office Management in developing and overseeing the day-to-day conduct of the office security programs and ensuring preparation of adequate responses to security incidents and natural and man-made disasters.
2. Provide inputs for the preparation of Security Risk Assessments for the countries in the portfolio may be required from time-to-time.
3. Manage the video surveillance (CCTV), card access and other physical security and fire/life safety systems. Carry out testing and evacuation drills periodically.
4. Manage the Country Office major security equipment programs including armored vehicles (AVs), portable items such as handheld/ walk-through metal detectors, package screening devices, communications and tracking equipment) to include the procurement process when applicable.
5. Provide technical security advice to and coordinate with Corporate Real Estate, in consultation with the SSS and headquarters security staff, for all existing facilities and any potential new offices to include site selection, renovation of existing facilities and installation of effective physical and procedural security measures.
6. Monitor and advise on overall residential security for newly acquired and existing residences of non-national staff and upon request provide general residential security advice to all staff.
7. Provide advice on security arrangements at hotels, restaurants, ministries diplomatic/international organizations and other locations which staff may visit for business or recreation purposes.
8. Advise on the implementation of the WBG Road Safety policy in area of responsibility.
9. Liaise with host government security and law enforcement officials as appropriate and with security advisors for diplomatic/international organizations and private security firms to establish a network of contacts.
10. Assist staff and visiting missions in reporting incidents (Corporate Security, UNDSS, host government, etc.).
11. Ensure country office has a viable system in place, through the Watchkeepers function, to track staff and visiting missions, note arrival/departure/ residence changes, contact details while at the field location, and coordinate with UNDSS and the WBG Security Operations Center, including internal UN Security clearance program requirements.
12. Represent WBG and GCS at security meetings, as appropriate.
13. Prepare security program for periodic program reviews.

B. Security Awareness:
1. Provide newly arriving staff and visiting missions with practical security advice and contact information in advance of their visit and briefings upon arrival including communications and logistical support for field missions.
2. Draft staff security advisories on risk mitigation in response to the general security situation, following significant specific incidents and during periods of heightened risk.
3. Conduct periodic security awareness briefings and training for all staff.

C. Contingency Planning:
1. Assist with the coordination and revisions of the Crisis Management Plan (CMP) on an annual basis or more frequently as required or directed.
2. Serve as advisor to or as a member of the Country Office Crisis Management Teams (CMT).
3. Maintain and update as necessary all Country Office contingency planning material, reference documents and annexes.
4. Maintain and coordinate with periodic test the staff telephone tree, warden system and other local contingency plans.
5. Organize periodic security and fire/life safety training and briefings for all staff. Conduct appropriate emergency drills (fire, earthquake, shelter-in-place, and bomb threat).
6. Maintain and enhance the Country Office emergency contact and locator systems and ensure coordination between the Country Office, UNDSS, and the WBG Security Operations Center (SOC).
7. Continually assess in-country relocation and out-of-country evacuation options.

D. Protective Operations:
1. Provide advice on protective operations to include when applicable, the coordination of official vehicle movements, and any special security required for specific movements, locations or individuals; conduct site advance security assessments and coordinate security arrangements.
2. Plan emergency response actions in the event of an emergency or a direct or indirect threat to staff. Take proactive measures to prevent involvement in such activities and perform reactively to avoid/escape from those in progress.
3. Arrange the appropriate level of security and liaison for visiting senior World Bank Group officials.
4. Arrange continuing or special host government protective services support for staff, visiting missions and facilities as necessary.
5. Coordinate security arrangements for World Bank Group sponsored conferences and training events held in country as required.
6. Assist with the development of security policies and procedures to include approved/prohibited locations and to ensure a mechanism is in place to keep staff informed.

E. Guard Force Contract Management
Support the Management of the Country Office security guard services contracts to include the procurement process, contract extensions, conducting periodic reviews with guard services contract management, certification of invoices, documentation of non-performance and other issues.

F. 24-Hour on call Emergency Security Support to the responsible WBG Country Offices and staff (to include Visiting Mission staff).

Other Responsibilities May Be Assigned

Selection Criteria

• Master's degree with 5 years of relevant experience. Bachelor’s degree in combination with seven years of qualifying experience may be accepted in lieu of the master’s degree. A career level diploma (at least three consecutive years of training) from a military or police institution, college, or academy, in combination with seven years of security experience, may be exceptionally substituted for a bachelor's degree.
• Five years of progressive experience in security program management with an international or diplomatic organization preferred.
• Knowledge and experience in security program delivery and project implementation, especially in the geographic area of responsibility.
• Proficiency in Microsoft Windows applications, namely, Excel, Word, and PowerPoint.
• Proven proficiency in speaking, reading, and writing English and Urdu
• Willingness to travel to high-risk locations on short notice.
• Able to comfortably operate within a multicultural environment and build effective working relations with staff across the WBG.

Specialized Skills
• Knowledge of the risk environment in Pakistan.
• In depth knowledge of the development of security policies and procedures and a general understanding of threat mitigation procedures and high-risk operations.
• Ability to develop detailed security advisories and notifications for consideration and implementation by Country Office management.
• Knowledge of the range of protective operations.
• Familiar with basic procurement procedures and project/resource management.

WBG Culture Attributes:

1. Sense of Urgency – Anticipating and quickly reacting to the needs of internal and external stakeholders.
2. Thoughtful Risk Taking – Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact.
3. Empowerment and Accountability – Engaging with others in an empowered and accountable manner for impactful results.

World Bank Group Core Competencies

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at theWorld Bank andIFC , including our values and inspiring stories.

Note: The selected candidate will be offered a one-year appointment, renewable at the discretion of the World Bank Group, and subject to a lifetime maximum ET appointment of three years. If an ET appointment ends before a full year, it is considered as a full year toward the lifetime maximum. Former and current ET staff who have completed all or any portion of their third-year ET appointment are not eligible for future ET appointments.