Information Security Analyst

We are seeking a skilled Information Security Analyst to join our team in Mumbai. This role is crucial for maintaining the security posture of our systems and networks.

About the Role

The Information Security Analyst will be responsible for the daily monitoring of systems and networks to detect security issues, installing and managing security software, meticulously documenting security incidents and breaches, and conducting security testing for our company's infrastructure. Key responsibilities include performing risk assessments, supporting business continuity planning, reviewing system configurations for compliance with security mandates, handling incident logging and reporting, managing security operations, and administering end-user security access.

Key Responsibilities:

• Identify and ensure the mitigation of information security risks across the organization.
• Evaluate projects to confirm adherence to proper security requirements and actively participate in corporate-wide information security project planning and documentation.
• Assist with internal and external IT audits, including data collection, review, and the recommendation of efficient and effective control measures.
• Review requests for compliance with security policies, ensuring correct execution.
• Identify security incidents and execute rapid response to contain risks.
• Maintain the integrity of security controls, supporting their updates and utilization.
• Develop and analyze comprehensive security reports, escalating security incidents to compliance staff and department leadership.
• Monitor audit systems to identify security violations, vulnerabilities, and unusual activities.
• Develop and maintain a robust security control framework, encompassing policies, standards, practices, and guidelines.

What You'll Need to Succeed:

Technical Skills & Knowledge:

• Solid understanding of security controls, including access control, auditing, authentication, encryption, integrity, physical security, and application security.
• Proficiency in operating systems such as Linux and Windows environments.
• Experience with Active Directory, encryption schemas and algorithms, and various authorization/authentication mechanisms.
• Expertise in network monitoring, sniffing, TCP/IP networking, and threat and vulnerability management.
• Hands-on experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems.
• Strong knowledge of networking principles and common network protocols.
• Demonstrated ability to create scripts for process automation using PowerShell, Python, or Bash.
• Proven ability to perform static and dynamic malware analysis.
• Strong analytical skills for dissecting large datasets and identifying anomalies.
• Ability to quickly develop and deploy countermeasures under pressure.
• Familiarity with common infrastructure systems for security enforcement.
• Experience with cloud technologies (AWS, Azure, SaaS) is highly desired, with a preference for Oracle's OCI.
• Proficiency in analyzing internal vulnerability data, threat intelligence, and other sources to facilitate large-scale tracking and remediation.

Soft Skills & Qualifications:

• Excellent interpersonal skills for building effective, collaborative relationships to achieve work goals.
• Project management skills are a plus.
• Ability to translate data into actionable reports for tracking and remediation.
• A minimum of 3-5 years of experience in security-related fields or related disciplines.
• A degree in Information Technology, Computer Science, or a related field is highly desirable.
• Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ are highly desired.

This is an intermediate professional role requiring moderate skills with a high level of proficiency. You will work under general supervision with considerable latitude for independent judgment. You will be expected to identify non-routine issues and escalate them appropriately, manage multiple concurrent projects of medium complexity, contribute to complex projects, share ideas, and suggest process improvements. Consultation with senior peers on complex processes is encouraged for learning and development.