IT Security Engineer - SOC Audit & Compliance Analyst

Beghou Consulting is seeking a proactive SOC Audit & Compliance Analyst to join our team in Hyderabad (Madhapur). This hybrid role is crucial for enhancing our organization's security control maturity and audit posture. You will be the bridge between technical security operations and governance, ensuring SOC-related security controls are not only documented but demonstrably effective through continuous testing, evidence validation, and cross-functional collaboration. Your contribution will lead to proactive risk reduction, improved audit outcomes, and the embedding of a continuous compliance culture across IT and security teams. Success will be measured by audit readiness, control reliability, and the ability to translate complex technical operations into clear, defensible audit evidence.

Key Responsibilities:

SOC Audit & Compliance Support

• Support SOC 2 (Type I & Type II), future ISO 27001 readiness, and internal security audits related to SOC and IT operations.
• Map security and SOC controls to applicable frameworks including AICPA Trust Services Criteria and ITGCs.
• Coordinate and manage audit evidence collection from SOC, endpoint, identity, and infrastructure teams.
• Perform control design and operating effectiveness reviews for SOC-adjacent controls.
• Track audit findings, risks, and remediation actions through to closure.
• Maintain continuous audit readiness, moving beyond point-in-time compliance.

Vulnerability & Remediation Governance

• Partner with IT and GRC teams to support vulnerability management oversight.
• Review and validate vulnerability findings from Nessus scans.
• Track remediation of SLAs, compensating controls, and risk exceptions.
• Perform remediation validation testing post-patching or configuration changes.
• Produce vulnerability compliance metrics and audit-ready reports.

Endpoint & Device Security Compliance

• Support endpoint security control assurance across corporate devices using Microsoft Intune.
• Validate enforcement of: Device compliance policies, Security baselines, Patch and configuration standards.
• Support audit evidence related to: Device enrollment, Configuration compliance, Endpoint protection integration (e.g., Defender ecosystem).
• Partner with endpoint teams during audits to explain control design and operation.

Data Governance & Compliance Support

• Support data protection and information governance controls using Microsoft Purview.
• Assist in audits related to: Data classification and labelling, DLP policy enforcement, Retention and records management, Insider risk and audit logging.
• Validate evidence of operational effectiveness for Purview-based controls.
• Maintain compliance documentation related to data security and privacy controls.

Documentation & Stakeholder Coordination

• Maintain SOC-related policies, standards, procedures, and control narratives.
• Translate technical SOC and security processes into audit-ready documentation.
• Collaborate with: SOC Operations, Endpoint & IAM teams, Internal Audit, Risk & Compliance stakeholders.
• Prepare audit responses, management action plans, and status reporting.

Qualifications:

• 2–6 years of experience in information security, IT audit, SOC governance, or security compliance.
• Hands-on exposure to SOC audit or compliance activities.
• Working knowledge of: SOC 2 / ITGC concepts, Control testing and evidence collection.

Preferred Skills & Certifications:

• Familiarity with: ISO 27001, NIST CSF / 80053, AICPA Trust Services Criteria.
• Experience working with or supporting: Nessus (vulnerability scanning & remediation tracking), Microsoft Intune (device compliance / endpoint security assurance), Microsoft Purview (DLP, data classification, compliance tooling).
• Strong documentation, analytical, and stakeholder communication skills.
• Certifications (nice to have, not mandatory): CISA, ISO 27001 Foundation or LA, CRISC, Microsoft Security fundamentals.