Security Analyst

Security Analyste for application support responsible  for safeguarding software applications and their infrastructure.Security analysts are experts who identify and fix problems within security systems by analyzing risks, vulnerabilities, threats and incidents. They perform a ton of security analyses to recommend solutions for preventing cyberattacks. 
Key duties include identifying vulnerabilities through VA, PT ,security patching assessments enforcing secure coding standards, implementing security controls and responding effectively to security incidents. Ensure to work closely with developers, testers, and security teams and customers to ensure applications are designed and deployed securely, complying with industry standards and regulations. Participate in audits and compliance efforts (e.g., SOX, ISO, NIST, PCI).

Technical Skills:

•    Applying Incident Response Frameworks and Handling Procedures. •    Information security, compliance, assurance, and/or other security best practices and principles. •    Possessing and fostering an inquisitive mindset amongst team members. •    Assist in policy and process development related to vulnerability and patch management. •    participate in audits and compliance efforts (e.g., Internal security audit ,application Security audit etc.. ). •    Security Systems Documentation – Create and maintain technical and operational documentation of in-scope security systems to ensure knowledge transfer and continuity.                    

•    Analyse vulnerability scan results from tools like Tenable, Qualys, or Rapid7 to identify security weaknesses across infrastructure and applications.
•    Prioritize vulnerabilities using multiple criteria, including CVSS, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), asset criticality, and business context. •    Partner with IT and Businesss teams to track remediation progress and provide technical guidance on mitigation strategies. •    Monitor threat intelligence feeds to correlate vulnerabilities with current exploit activity. •    Create and maintain vulnerability metrics, dashboards, and reports for leadership and compliance teams. •    Support vulnerability assessment activities in cloud environments (AWS, Azure, etc.). •    Maintain documentation related to the vulnerability management lifecycle. •    Develop a set of security controls to mitigate the risks identified  •    This could include implementing security software and improving physical security measures. •    Document the risk assessment results, including all assets, threats, vulnerabilities, and security controls.  •    Develop a detailed plan to address all identified risks and vulnerabilities.  •    Monitor the effectiveness of the remediation plan and analyse security metrics to adjust as necessary for the ongoing protection of assets. •    Assist in policy and process development related to vulnerability and patch management.