Job
Description
Roles & Responsibilities: Triage alerts and analyze security events/logs for threats such as computer viruses, exploits, and malicious attacks. Use critical thinking to bring together information from multiple sources to determine if a threat is present. Conduct security incident response and investigation. Conduct comprehensive security assessments and risk analysis on existing systems and applications. Analyze web traffic for suspicious patterns and potential security breaches. Perform vulnerability assessments and penetration testing. Prepare and provide security documentation and evidence for internal and external audits, ensuring compliance with regulatory requirements and security standards. Stay abreast of the latest cybersecurity trends, threats, and technologies to proactively address emerging risks. Bachelor s degree in computer science, Information Technology, cybersecurity, or a related field. 3+ years of relevant experience. Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing. Experience deploying and maintaining email security systems including anti-phishing, DLP, and encryption technologies to safeguard sensitive data and mitigate threats. Hands-on experience with security tools and technologies such as IDS/IPS, SIEM, and Penetration testing tools like Qualys/Tenable. Hands-on troubleshooting skills for security alerts related to Firewall (SonicWall & FortiGate), Microsoft Entra ID/O365, Windows and Linux Servers. Strong knowledge of GRC frameworks such as PCI-DSS ISO 27001:2022 & 9001:2015, SOC2 Type II CEH (Certified Ethical Hacker) AZ-500 Microsoft Azure Security Technoligies/Cloud Security Certifications with hands on experience Experience with evidence gathering for any of the compliances like PCI DSS, SOC2, HIPPA and ISO. Good understanding of the IT infrastructure architecture both on-prem and AWS and Azure clouds. Tools: Vulnerability management: Tenable, QualysGuard, Nessus Endpoint protection: Sophos, Bitdefender, Trend Micro, Windows Defender SIEM : Wazuh, DataDog, Splunk, Microsoft Sentinel, Sumo Logic Email Security : Zix email security, Exchange Online Protection, Defender for Office 365 Compliance standards : ISO ISMS, SOC2, PCI DSS, HIPAA Preferred: Any of the Certifications like - AWS Certified Security - Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), GIAC Certifications, or NIST Cybersecurity Framework (CSF)
