The Staff IT Security Analyst is responsible for assessing information risk and facilitating remediation of identified vulnerabilities for IT & application security and security risk across the enterprise.
- Assesses information risk and facilitates remediation of identified vulnerabilities in applications, IT infrastructure & systems. Reports on findings and recommendations for corrective action
- Performs vulnerability assessments as assigned utilising IT security tools such as IDS, HIDS, FIM, Web Application Firewalls, vulnerability scanners, and methodologies
- Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program.
- Identifies opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios.
- Facilitates and monitors the performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT, Application and vendors regarding the security maintenance of their systems and applications.
- Provides weekly project status reports, including outstanding issues. The IT Security/Risk Analyst assists in all IT audits, IT risk assessments and regulatory compliance.
- Experience with encryption technologies, DRM, PKI, secure coding
- Knowledge of AWS security (Security groups, config rules, access controls, segmentation, logging and alerting)
- Scripting and coding abilities are a plus
- Excellent communication skills
- Strong knowledge in OWASP vulnerability assessment & NIST framework
- Classify and track incidents through identification and resolution. Operate vulnerability management tools, such as Nessus, Burp Suite, etc. to perform internal and external vulnerability assessments.
- Provide advice and assistance to teams to improve security posture and develop a system that provides metrics to support Information Security initiatives and security awareness across the company.
- Experience in handling RFPs, contracts, and client audits from a security perspective
- 8 plus years of experience
- Bachelor’s Degree
- Demonstrates a strong drive for efficiency, resolving problems and getting the work done in a timely, quality-focused manner
- Experience in various security audits, such as SOC1, SOC2, SOC3, ISO 27001 and GDPR, with internal & external consultants. Prepare necessary security documentation and evidence during audits.
- Promote awareness of applicable security policies and standards. Implement or coordinate remediation required by audits, as necessary. Review security documentation and architecture to provide approvals for application deployments, firewall rules, etc.
- Must have managed enterprise-level IT security infrastructure and implementation projects, including designing, building and delivering physical, logical and personnel security measures to fulfil legal, regulatory and business requirements
- Current security certifications are a plus (e.g., 2700x, CCSP, CISSP, CEH)
- Experience of development & deployment in cloud infrastructure & associated protocols (AWS, Azure, IoT Hub…)
- Ability to demonstrate the feasibility of proposed architecture through mock-ups / prototyping
Good to have
- Experience with / knowledge of mobile OS (iOS, Android) & mobile application security is a plus
- DevSecOps experience is a plus