Security Analyst

• Security Analyst, IT Security and Compliance
  
  Job Brief:
  We are seeking anexperienced Security Analyst to join our IT Security and Compliance team. Theideal candidate will have a cyber security mindset, encompassing variousdomains of cybersecurity. This role will primarily focus and play a criticalrole in safeguarding our organization's infrastructure from cyber threats. Youwill utilize your expertise in security tools and technologies to monitor,detect, and respond effectively.
  
  Key Responsibilities:
  
  Lead efforts to counter security breaches, anticipate future security alerts, incidents, and disasters, and reduce the likelihood of such occurrences.
• Define, maintain, and upgrade security measures, policies, and controls to enhance the overall security posture of the organization.
• Write reports and provide insights on the efficacy of current security policies, incident responses, disaster recovery plans, and other security-related information.
• Assist in creating SOPs & playbooks to secure the infrastructure and educate employees.
• Keep security systems up to date, maintaining relevant data to ensure compliance with security protocols.
• Conduct vulnerability testing, risk analyses, and both internal and external security remediations to assess security effectiveness.

Requirements:

• 3-5 Years of Cyber Security or IT Security Experience with proficiency in utilizing vulnerability scanning tools such as Nessus, Tenable, and Rapid7 to perform regular scans on both on-premise and cloud-based assets.

• Experience in managing SIEM (Security Information and Event Management) solutions like QRadar and Splunk to correlate security events and identify potential threats.
• Demonstrated ability to analyze and prioritize vulnerabilities identified by scanning tools based on their severity and impact on both on-premise and cloud environments.
• Familiarity with cloud security best practices and techniques for securing assets in platforms such as AWS, Azure, or Google Cloud Platform.
• Strong understanding of endpoint detection and response (EDR) solutions like CrowdStrike to detect and respond to threats on endpoints across the network.
• Proficient in creating and maintaining documentation related to vulnerability management processes, including remediation plans and risk assessments.
• Ability to communicate effectively with cross-functional teams to provide proactive security advisories for public-facing assets under risk, including timely mitigation strategies.
• Familiarity with regulatory compliance frameworks such as PCI DSS, HIPAA, GDPR, etc., and experience in ensuring compliance of both on-premise and cloud assets.
• Understanding of Network Protocols, Threat Profiles, DLP, SOAR, and encryption.
• Experience with network security assessments of on-premise and cloud-based applications but not limited to Firewalls, IPS & IDS Solutions
• Relevant certifications such as CEH, Comptia Security+ , GIAC Security Essentials (GSEC), Certified Incident Handler (GCIH) ,
  EC-Council Certified Security Analyst (ECSA) or equivalent are a plus.
• Participate in incident response activities, including forensic analysis and containment measures.