Burns & McDonnell•46d ago
Naukri
Information Security Analyst
Bengaluru
Senior Level
Full Job Description
At Burns & McDonnell's Engineering India center in Bengaluru, our Information Security program is dedicated to safeguarding the company's data, systems, and employees from the ever-evolving landscape of cyber threats. We are committed to continually reducing cybersecurity risks through proactive measures and expert analysis. As a Senior Information Security Analyst specializing in Incident Response, you will be a subject matter expert, instrumental in evaluating our overall security posture. Your role will involve assessing and identifying vulnerabilities, analyzing associated risks, and proposing effective solutions for mitigation.
Key Responsibilities:
- Risk Assessment: Conduct comprehensive and regular assessments of the organization's cybersecurity measures to pinpoint vulnerabilities and assess risks.
- Monitoring and Analysis: Utilize a variety of advanced tools to monitor networks and systems for potential security breaches or intrusions. Perform in-depth analysis of security incidents to understand their root causes and facilitate effective response.
- Incident Response: Take a pivotal role in responding to security incidents and breaches. This includes actively assisting with investigations, containment, and remediation efforts to minimize impact.
- Reporting: Prepare detailed and clear reports on security issues, including summaries of breach incidents, current risk status, and actionable recommendations for improvement.
- Policy Development Support: Contribute to the development and updating of the organization's security policies and procedures, informed by your findings and the dynamic threat landscape.
- Training: Execute security awareness training programs, particularly focusing on phishing campaign education to enhance employee vigilance.
- Perform all other assigned duties as required to support the Information Security program.
Qualifications:
- Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology, or a closely related field.
- Minimum of 8 years of professional experience in Information Security.
- Possession of a relevant Information Security certification such as CISSP, GSEC, or Security+.
- Demonstrated expert knowledge in two or more Information Security technologies from the following list: EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP.
- Broad understanding of fundamental network and security protocols, including DNS, SPF/DKIM/DMARC, SSL/TLS, TCP/UDP, and IPSec.
- Experience with industry-standard frameworks such as CIS Critical Security Controls, OWASP Top 10, and the MITRE ATT&CK framework.
- Demonstrated knowledge and practical experience in securing cloud environments, including Azure, AWS, and GCP.
- Broad experience and familiarity with core Information Technology infrastructure components such as routers, load balancers, web application gateways, PKI, and Active Directory.
- Demonstrated knowledge of prominent compliance frameworks like ISO 27001, SOC 2, NIST, and FedRAMP.
- Proven ability to evaluate cybersecurity risks and articulate proposed risk mitigations to both technical and non-technical audiences.
- Highly effective oral and written communication skills, with a proven ability to convey complex security concepts and risks to non-technical personnel clearly and concisely.