Ict Information Security Analyst

We are seeking an experienced and highly skilled Information Security Analyst to join our organization. As an Information Security Analyst, you will be responsible for ensuring the confidentiality, integrity, and availability of our organization's information assets. You will play a crucial role in identifying and mitigating security risks, implementing effective security measures, and ensuring compliance with industry best practices and regulatory requirements. This position is permanent employment.

Duties & Responsibilities

• Develop and maintain information security policies, procedures, and standards to ensure compliance with industry regulations and best practices.
• Monitor and respond to security incidents, conducting thorough investigations and implementing appropriate remediation measures.
• Collaborate with cross-functional teams to ensure security is integrated into the design and development of systems, applications, and infrastructure.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry trends to proactively address potential risks.
• Implement and manage security controls, including firewalls, intrusion detection and prevention systems, encryption mechanisms, and access controls.
• Works with internal customers to interpret/clarify/implement security requirements and any changes in the current security practice.
• All other duties as assigned.
• Perform risk assessments and provide recommendations for improving the security posture of the organization.
• Analyze security alerts and logs to detect and investigate potential security incidents.
• Continuous improvement of the security defense capabilities.
• Assist in the development and implementation of disaster recovery and business continuity plans.
• Conduct regular security assessments and vulnerability scans to identify potential weaknesses or security breaches.
• Conduct security awareness and training programs for employees to promote a culture of security awareness and compliance.
• Involve in ISO 27001 implementation activities.

Skills & Qualifications

• Familiarity with identity and access management (IAM) concepts, including user provisioning, role-based access control (RBAC), and multi-factor authentication (MFA).
• Strong analytical and problem-solving skills with the ability to quickly identify and resolve security issues.
• Strong knowledge of network protocols, including TCP/IP, DNS, DHCP, HTTP, SSL/TLS, and VPN.
• Experience with security incident response, including incident detection, containment, eradication, and recovery.
• Understanding of risk management principles and methodologies.
• Experience in utilizing common SIEM (Security Information and Event Management) tools such as Splunk, Sentinel, or QRadar to collect, analyze, and correlate security logs and events.
• Working experience in ITSM ticketing tools is an added advantage.
• Familiarity with secure configuration and hardening of various operating systems, databases, and network devices.
• Up-to-date knowledge of emerging security threats and trends.
• Experience with vulnerability scanning tools, such as Nessus, Qualys, or Rapid7, to identify and assess security vulnerabilities in systems, networks, and applications.
• Proficiency in performing security assessments and audits to identify vulnerabilities and recommend remediation measures.
• Experience with data encryption technologies, such as disk encryption, file-level encryption, and data-at-rest encryption.
• Understanding of web application security, including common vulnerabilities (OWASP Top 10) and secure coding practices.
• Knowledge of secure network architecture design principles, including network segmentation, DMZ configuration, and secure remote access.
• Knowledge of cloud security principles and experience working with cloud platforms, particularly Microsoft Azure, including familiarity with Azure Active Directory (Azure AD) and its security features.
• Familiarity with security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
• Proficiency in securing web applications and familiarity with common web application vulnerabilities, such as cross-site scripting (XSS), SQL injection, and session hijacking.
• Ability to conduct digital forensics and incident investigation to identify the root cause and impact of security incidents.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels of the organization.
• Understanding of Active Directory (AD) and its security configurations, including group policies, permissions, and authentication mechanisms.
• Proficient in log analysis and monitoring tools to detect and respond to security events.

Requirements

• Minimum 2 Years working experience as an Information Security Analyst or in a similar role.
• Security certification like Security+, CCNA Security, CCNP Security, GIAC, CompTIA, CEH, CHFI or similar (desirable).
• Bachelor’s degree in computer science, or equivalent work experience.