IT Security Analyst

Job Description:

We are seeking an experienced IT Security Analyst to join our team. The ideal candidate will have a strong background in IT security, with hands-on experience in IT/IS Audit, Vulnerability Assessment and Penetration Testing (VAPT), and a solid understanding of security protocols and tools. This role requires a proactive individual who can identify and mitigate security risks and ensure the integrity of our systems.

Key Responsibilities:

• Conduct IT/IS Audits: Plan, execute, and manage IT/IS audits to assess the security posture of the organization. Ensure compliance with industry standards and regulatory requirements.
• VAPT Audits: Perform Vulnerability Assessment and Penetration Testing (VAPT) to identify security vulnerabilities. Use industry-standard tools like ZAP, Acunetix, and other open source tools like Nessus, Metasploit etc to perform comprehensive security assessments.
• Security Risk Assessment: Identify, analyze, and prioritize security risks and vulnerabilities. Develop and implement strategies to mitigate identified risks.
• Security Monitoring: Monitor and analyze security alerts and events to detect and respond to potential security incidents. Ensure that security monitoring systems are optimized and functioning effectively.
• Incident Response: Lead and coordinate response efforts for security incidents. Perform root cause analysis and develop strategies to prevent recurrence.
• Security Policy Development: Assist in the development, implementation, and enforcement of security policies, procedures, and guidelines.
• Collaboration: Work closely with IT and other departments to ensure that security controls are integrated into all aspects of the organizations operations.
• Compliance: Ensure that the organization complies with relevant security standards and regulations, including PCI-DSS, ISO 27001, SOC2 and others as applicable.
• Multi-Task Attitude: Candidate must have eager to learn more and have the passion to work out of his field.

Qualifications:

• Education: Bachelor's degree in Information Technology, Computer Science, or a related field. A Masters degree is a plus.
• Experience: 5+ years of experience in IT security, with a focus on IT/IS Audit and VAPT.
• Any one of the below certifications is a MUST:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Information Security Management System Lead Auditor (ISMS LA)
• Technical Skills:
• Proficiency in VAPT audit tools like ZAP, Acunetix, Nessus, etc.
• Experience in red teaming, offensive security, grey and black-box testing, etc.
• Strong understanding of network security, firewalls, IDS/IPS, and endpoint protection.
• Knowledge of scripting languages (e.g., Python, PowerShell) for automation of security tasks is a plus.
• Soft Skills:
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Detail-oriented with a strong focus on accuracy and quality.

Preferred Experience:

• Experience with cloud security (AWS, Azure, GCP).
• Familiarity with regulatory requirements and standards such as GDPR, HIPAA, SOX, etc.
• Experience in conducting or participating in red team/blue team exercises.