Security Analyst

Job Title

Job Summary

We are seeking a motivated and detail-oriented Security Analyst with foundational to intermediate experience in application and cloud security. The ideal candidate will support our security initiatives including application vulnerability assessments, cloud infrastructure security reviews, DevSecOps practices, and compliance activities such as ISO 27001 and SOC 2. This role also involves cross-functional coordination with development, infrastructure, audit, and vendor teams to ensure end-to-end security posture and risk mitigation.

Key Responsibilities

1. Application Security

• Perform application vulnerability scans using automated tools (e.g., SAST, DAST).
• Review scan results, prioritize findings based on criticality, and coordinate with developers for remediation.
• Educate and guide development teams on secure coding practices and vulnerability remediation steps.
• Maintain and update vulnerability management trackers and ensure timely closure of findings.
• Coordinate with external vendors and internal stakeholders for periodic VAPT exercises.
• Support load testing and performance testing activities from a security perspective.

2. Cloud & Infrastructure Security

• Conduct infrastructure vulnerability scanning across cloud and on-premise environments.
• Work closely with internal teams (server, cloud, infra) to ensure timely remediation of findings.
• Recommend and enforce security best practices in CI/CD pipelines, servers, and cloud infrastructure.
• Validate security control implementations and conduct periodic audits to ensure compliance.
• Assist in hardening initiatives and continuous improvement of cloud security posture (AWS preferred).

3. Security Governance, Risk & Compliance

• Assist in the implementation and ongoing maintenance of ISO 27001 and SOC 2 frameworks.
• Support internal and external audits by providing relevant evidence and documentation.
• Maintain up-to-date security documentation including policies, procedures, and audit records.
• Track and report compliance status and identify any gaps requiring corrective actions.

4. Vendor Risk Management

• Conduct security assessments for third-party vendors based on internal policies and standards.
• Coordinate with procurement, business, and vendor teams to complete security due diligence.
• Maintain a vendor risk register and follow up on any open security gaps or mitigations.

Requirements

Must-Have Skills

• Foundational to moderate experience in application security and vulnerability management.
• Exposure to tools such as OWASP ZAP, Burp Suite, Nessus, Qualys, or similar.
• Basic to intermediate understanding of cloud infrastructure, preferably AWS.
• Familiarity with CI/CD pipelines and DevSecOps practices.
• Understanding of ISO 27001, SOC 2 compliance frameworks and internal audit process.
• Experience in documentation, tracking, and reporting compliance status.

Good to Have

• Basic scripting or automation knowledge for security tasks.
• Hands-on experience with infrastructure-as-code (e.g., Terraform, CloudFormation).
• Exposure to GRC platforms or ticketing tools (e.g., ServiceNow, Jira).
• Understanding of performance and load testing tools and their relevance to security.

Soft Skills

• Strong communication skills to work with developers, auditors, and vendors.
• Ability to multitask and handle multiple priorities in a dynamic environment.
• Analytical mindset with attention to detail.
• Team player with a proactive and learning attitude.

Education & Certifications

• Bachelor's degree in Computer Science, IT, EC, Cyber Security,  Information Security, or a related field.
• Certifications preferred but not mandatory:
  
• CompTIA Security+, AWS Certified Cloud Practitioner, ISO 27001 LA/IA, or equivalent.

  Role & responsibilities

Preferred candidate profile