eSec Forte Technologies - Information Security Consultant (2-5 yrs)

We are seeking an enthusiastic and detail-oriented Information Security Consultant to join our team.

The ideal candidate will have foundational experience in information security processes and concepts, with a strong understanding of risk management, cloud security, and regulatory compliance frameworks.

This role involves ensuring the security and integrity of IT systems, processes, and data while assisting in the implementation of security policies and controls.

Key Responsibilities :

- Assist in identifying, assessing, and mitigating vulnerabilities across IT systems.

- Participate in incident response activities, including root cause analysis and resolution.

- Maintain detailed documentation and reports related to vulnerability and incident management.

- Understand and support the process for deploying patches and updates.

- Collaborate with IT teams to ensure changes are documented, tested, and implemented securely.

- Monitor and ensure adherence to access control policies.

- Support periodic reviews of access permissions and resolve discrepancies.

- Understand the functionality of firewalls, WAFs (Web Application Firewalls), DLP (Data Loss Prevention) systems, and ITSM (IT Service Management) tools.

- Support Active Directory administration and MFA (Multi-Factor Authentication) implementations.

- Assist in the development and maintenance of Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.

- Support the execution and evaluation of BCP/DR drills, ensuring compliance with requirements.

- Gain understanding of third-party attestations like SOC 1, SOC 2, ISAE 3000, and ISAE 3402.

- Assist in preparing evidence and ensuring alignment with attestation requirements.

- Understand and apply cloud security principles across SaaS, PaaS, and IaaS platforms.

- Assist in evaluating and mitigating cloud-specific security risks.

- Support the risk management lifecycle, including identification, assessment, and mitigation strategies.

- Collaborate with vendors to ensure adherence to security requirements and best practices.

- Assist in the identification and implementation of strategies to mitigate security risks.

- Ensure compliance with security policies and regulatory requirements.

Skills and Qualifications :

- Bachelor's degree in computer science, Information Security, or a related field.

- Knowledge of vulnerability management and incident management processes.

- Familiarity with patch and change management workflows.

- Understanding of access control principles and practices.

- Exposure to firewalls, WAF, DLP, ITSM tools, and Active Directory.

- Basic knowledge of API integration and MFA implementations.

- Understanding of cloud security models (SaaS, PaaS, IaaS).

- Familiarity with BCP/DR processes and related artifacts.

- Understanding of third-party attestations like SOC 1, SOC 2, ISAE 3000, and ISAE 3402.

- Knowledge of Third-Party Risk Management (TPRM) processes and mitigation strategies.

- Basic understanding of the risk management lifecycle.

- Strong analytical and problem-solving skills.

- Excellent communication and documentation abilities.

- Ability to work collaboratively in a team environment.

- CompTIA Security+, CEH (Certified Ethical Hacker), or any relevant cybersecurity certification.

- Certifications in cloud security (e.g, AWS Certified Security Specialty, Azure Security Engineer Associate).

- Opportunity to work with experienced cybersecurity professionals.

- Exposure to cutting-edge security tools and technologies.

- Professional growth and learning opportunities in a dynamic environment.

- Comprehensive training in regulatory and compliance frameworks