Information Security Analyst

Position: Information Security Analyst

Location: Mumbai, India

About LRN:

LRN is the world's leading dedicated ethics and compliance SaaS company, helping more than 30 million people every year navigate complex regional and global regulatory environments and build ethical, responsible cultures. With over 3,000 clients across the US, EMEA, APAC, and Latin America—including some of the world's most respected and successful brands—we're proud to be the long-term partner trusted to reduce organizational risk and drive principled performance.

Named one of Inc Magazine's 5000 Fastest-Growing Companies, LRN is redefining how organizations turn values into action. Our state-of-the-art platform combines intuitive design, mobile accessibility, robust analytics, and industry benchmarking—enabling organizations to create, manage, deliver, and audit ethics and compliance programs with confidence. Backed by a unique blend of technology, education, and expert advisement, LRN helps companies turn their values into real-world behaviors and leadership practices that deliver lasting competitive advantage.

About the role:

The Security Analyst Associate is responsible for protecting organizational information by identifying and addressing security vulnerabilities across applications and networks. The role focuses on ensuring data confidentiality, integrity, and availability through regular security assessments and implementation of robust controls. Working collaboratively with development and infrastructure teams, the analyst helps maintain a strong and compliant security framework.

Requirements

What you'll do:

• Handson expertise in web, mobile, API, and network vulnerability assessment and penetration testing, including SAST (Static) and DAST (Dynamic Application Security Testing).

• Strong ability to

  identify, exploit, and demonstrate vulnerabilities

  through

  proof-of-concepts (POCs)

  .
• Proficiency with tools such as

  Kali Linux, Nmap, Metasploit, Burp Suite

  , etc.
• Working knowledge of

  Java, JavaScript, Node.js, Python

  , and

  code-level security review

  .
• Familiarity with

  AWS Cloud Security

  ,

  firewalls

  ,

  IDS/IPS

  , and

  DLP

  solutions.
• Understanding of

  AI Security concepts

  , including

  ML model threats, prompt injection, data poisoning, and model hardening techniques

  .
• Strong understating of

  OWASP Top 10

  ,

  Information Security principles

  , and

  risk management frameworks

  .
• Experience

  analyzing vulnerabilities

  , driving

  remediation efforts

  , and collaborating with

  development and infrastructure teams

  .
• Exposure to

  client due diligence processes

  related to

  product security and compliance

  .
• Good knowledge of

  ISO 27001

  and

  SOC 2

  standards;

  experience in supporting audits is preferred

  .

• CEH, OSCP

  , or similar certification preferred.

• Passionate, self-driven, and ethical hacker mindset

  with a focus on continuous learning, innovation, and cybersecurity excellence

What we're looking for:

• Bachelor's degree in

  Computer Science, Information Technology, or related field

  (or equivalent experience).
• 2-3 years of

  hands-on experience

  in

  Application and Network Security

  .
• Strong skills in

  Web, Mobile, API, and Network Vulnerability Assessment & Penetration Testing (VAPT)

  .
• Experience with

  SAST

  and

  DAST

  security testing tools.
• Proficiency in tools like

  Kali Linux, Burp Suite, Nmap, Metasploit

  , etc.
• Good understanding of

  OWASP Top 10

  and

  information security best practices

  .
• Understanding of

  cloud security concepts

  , preferably in

  AWS environments

  .
• Knowledge of

  ISO 27001

  ,

  SOC 2

  , and other relevant

  security standards and frameworks

  .

Benefits

• Excellent medical benefits, including family plan
• Paid Time Off (PTO) plus India public holidays 
• Competitive salary
• Combined Onsite and Remote Work

LRN is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.