Senior Security Analyst (Cyber Security) | LINUX EXP | Night shift - Work Onsite
SENIOR SECURITY ANALYST (CYBER)
Work for our global clients and immerse in our rich and diverse company culture where you can thrive, grow and just be aweSOme! Apply now and discover the Satellite Office Candidate Experience – recognized as one of BEST among BPO companies worldwide.
WHAT IS A/AN SENIOR SECURITY ANALYST (CYBER)?- Information Security Management:
o Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in our information systems.
o Implement and maintain security controls to protect against unauthorized access, data breaches, and other security threats.
o Monitor security events and incidents, analyze security logs, and respond to security breaches promptly.
o Assist in the development, testing, and enforcement of security policies, procedures, and guidelines.
o Collaborate with IT teams to ensure secure configurations of systems, applications, and network devices.
o Stay up-to-date with the latest security technologies, trends, and best practices to continually improve our security posture.
WHAT WILL BE YOUR MAIN RESPONSIBILITIES?- Compliance and Regulation:
o Ensure compliance with relevant industry standards, laws, regulations, and contractual obligations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS).
o Conduct compliance assessments and audits to validate adherence to security standards and requirements.
o Prepare reports and documentation for internal and external stakeholders to demonstrate compliance.
o Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws.
o Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed.- Risk Assessment and Mitigation:
o Identify, assess, and prioritize information security risks based on the potential impact and likelihood of occurrence.
o Develop risk mitigation strategies and recommendations to enhance overall security posture.
o Work with business units to ensure that security measures align with business objectives and are properly integrated into their processes.- Training and Awareness:
o Conduct security awareness training sessions for employees to promote a security-conscious culture.
o Educate staff on security policies, best practices, and procedures to reduce human-related security risks.- Testing, Incident Response, and Forensics:
o Conduct application and environment tests for new and emerging security threats and vulnerabilities.
o Participate in incident response activities and support investigations into security incidents.
o Assist in collecting evidence, conducting forensic analysis, and preparing incident reports.
WHAT ARE WE LOOKING FOR?- Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, or CISM are a plus.
- Proven experience in information security, compliance, or a related field.
- Strong knowledge of security frameworks, such as NIST, CIS, or ISO 27001.
- Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, etc.).
- Understanding of risk assessment methodologies and risk management practices.
- Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc.
- Excellent analytical and problem-solving skills with attention to detail.
- Effective communication and collaboration skills to work with cross-functional teams.
- Ability to stay abreast of industry trends and emerging security threats.
- Proven skills in application and environment security, exploit, and vulnerability testing
Relevant Technologies and Skills:
- Experience in Privacy Management and regulation. GDPR, CPRA, CCPA, etc.
- Experience with AWS and Azure Cloud.
- Experience with Firewalls, Load Balancers, WAFs, VPN concentrators.
- Experience with hardening standards for servers, desktops, laptops, networking devices.
- Experience with Pen Tests and Vulnerability Scans.
- Understanding of malware, network threats, attack vectors, incident response.
- Information security issues in an open, highly distributed networked environment.
- Enterprise Intrusion Prevention Systems.
- The secure use and system administration of desktop and server operating systems.
- Internet protocols and data formats such as HTTP, TLS, SSL, HTML, and XML.
- Database technologies such as Elasticsearch, SQL, or Oracle.
- Identification and authentication technologies.
- Knowledge of cloud, container-based and virtualization architectures.
- Encryption techniques, algorithms, and approaches.
- Higher education or government agency information security experience
- Experience handling and protecting information at a variety of sensitivity levels
- Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST
- Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc, a plus