Security Analyst Jobs

Responsibilities

• Able to work with application team and understand the requirements for application.

• Able to drive and facilitate discussion and meetings between application team and external vendor.

• Review and analyse vulnerability data from various sources (infra scan, app scan, container scan etc) to identify security risks to the organization's environment and application security and determine any reported vulnerabilities that are false positive part of the scans

• Work with Application team with API Security, Container Security, Azure Cloud Security.

• Work closely with application development team to proactively review the issues identified from source code review and penetration test and drive the remediation discussion and execution

• Work with infrastructure team and vendor on vulnerabilities detected during scanning and driving remediation.

• Collaborate with application/database/network/infrastructure team to identify critical vulnerability and/or track and follow up the application of fixes/patches.

• Responsible for automating security controls, data and processes to provide improved metrics and operational support.

• Generate weekly report and drive remediation thru regular cadence.

• Actively track and follow up on penetration testing vulnerability identified and ensure timely remediation

Qualifications

• Min. 4 of experiences of information security domain, especially hands on experience for source code review and penetration test

• Proficiency and hands on experience in either Java/JavaScript Programming and Bash, Python or other scripting languages etc

• Experience with working on open-source software related to Intrusion Detection, Prevention, and File Integrity Monitoring Systems and Flow based solutions – a plus

• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools a plus.

• Experience configuring, implementing, and leveraging computer security and networking diagnostic/monitoring tools. – a plus

• Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc) – a plus

• Good interpersonal and communication skill

• Good team player with a high integrity, proactive mindset, and strong ownership

• Familiar with privilege user ids operation/management.

• Product knowledge on Cloud scanning and vulnerabilities an added advantage.

• Knowledge of Cloud security and architecture such as Container level, Cluster level, Repo etc. Preferably with experience in Azure.

Education:

University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems)

Certifications/licenses:

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CEH, GPEN, GWPT etc