Job Description:
We are seeking an experienced IT Security Analyst to join our team. The ideal candidate will have a strong background in IT security, with hands-on experience in IT Audit, Vulnerability Assessment and Penetration Testing (VAPT), and a solid understanding of security protocols and tools. This role requires a proactive individual who can identify and mitigate security risks and ensure the integrity of our systems.
Key Responsibilities:
- Conduct IT/IS Audits: Plan, execute, and manage IT/IS audits to assess the security posture of the organization. Ensure compliance with industry standards and regulatory requirements.
- VAPT Audits: Perform Vulnerability Assessment and Penetration Testing (VAPT) to identify security vulnerabilities. Use industry-standard tools like ZAP, Acunetix, and other open source tools like Nessus, Metasploit, etc. to perform comprehensive security assessments.
- Security Risk Assessment: Identify, analyze, and prioritize security risks and vulnerabilities. Develop and implement strategies to mitigate identified risks.
- Security Monitoring: Monitor and analyze security alerts and events to detect and respond to potential security incidents. Ensure that security monitoring systems are optimized and functioning effectively.
- Incident Response: Lead and coordinate response efforts for security incidents. Perform root cause analysis and develop strategies to prevent recurrence.
- Security Policy Development: Assist in the development, implementation, and enforcement of security policies, procedures, and guidelines.
- Collaboration: Work closely with IT and other departments to ensure that security controls are integrated into all aspects of the organization’s operations.
- Compliance: Ensure that the organization complies with relevant security standards and regulations, including PCI-DSS, ISO 27001, SOC2 and others as applicable.
- Multi-Task Attitude: Candidate must be eager to learn more and have the passion to work outside their own field.
Qualifications:
- Education: Bachelor’s degree in Information Technology, Computer Science, or a related field. A Master’s degree is a plus.
- Experience: 5+ years of experience in IT security, with a focus on IT/IS Audit and VAPT.
- Any one of the below certifications is a MUST:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
  - Information Security Management System Lead Auditor (ISMS LA)
- Technical Skills:
  - Proficiency in VAPT audit tools like ZAP, Acunetix, Nessus, etc.
  - Experience in red teaming, offensive security, grey and black-box testing, etc.
  - Strong understanding of network security, firewalls, IDS/IPS, and endpoint protection.
  - Knowledge of scripting languages (e.g., Python, PowerShell) for automation of security tasks is a plus.
- Soft Skills:
  - Excellent analytical and problem-solving skills.
  - Strong communication and interpersonal skills.
  - Ability to work independently and as part of a team.
  - Detail-oriented with a strong focus on accuracy and quality.
Preferred Experience:
- Experience with cloud security (AWS, Azure, GCP).
- Familiarity with regulatory requirements and standards such as GDPR, HIPAA, SOX, etc.
- Experience in conducting or participating in red team/blue team exercises.
Job Features
Job Category | Business Consultant |