Information Security Analyst

Job Description

As an Information Security Analyst, you will be responsible for protecting the organization's sensitive information from cyber threats. You will analyze security measures, identify vulnerabilities, and develop strategies to mitigate risks. Additionally, you will monitor network activity, investigate security breaches, and implement security protocols.

Responsibilities

• Conduct comprehensive VA/PT across IT Infrastructure including Servers, Web Applications, APIs, and mobile applications.
• Conduct through analysis on current state and future state assessments of IT Infrastructure through Active directory, Servers, Cloud technologies, Networking, Endpoint security, Email security, Office365 and perimeter security.
• Conduct penetration testing for iOS and Android applications to uncover platform-specific vulnerabilities.
• Investigate security incidents and breaches
• Collaborate with application engineers during the development and deployment of new applications to implement security design and controls through the stages of Software Development Life Cycle (SDLC)
• Conducting technical due diligence on new applications including assessing their architecture, performance, scalability, and compliance with security standards.
• Perform annual due diligence reviews on the prior conducted due diligences, for deployed applications.
• Identifies and documents information security risks and proposes mitigating controls.
• Maintain the ISMS documentation and processes required for ISO 27001
• To adhere to Green IT policy and apply environmentally friendly practices in daily work routine.
• 
  

Candidate Requirements

• Minimum 5 years of hands-on experience in offensive security.
• Knowledge of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25) and their remediation strategies.
• Proficiency in SAST, DAST, and mobile penetration testing methodologies.
• Certifications like OSCP, GWAPT, CEH, or similar are preferred but not mandatory.
• Proven experience conducting secure and quality code reviews.
• Basic coding experience in languages such as Python, Java, JavaScript, or similar.
• Familiarity with tools like SonarQube, Checkmarx, Burp Suite, or similar is preferred.
• Strong understanding of secure SDLC.
• Strong analytical and problem-solving skills.
• Ability to work collaboratively in a team environment and communicate effectively with technical and non-technical stakeholders.
• Basic MS Office documentation tools.
• Presentation skills.