Work from Office
Full Time
We are seeking a skilled and experienced IT Security Professional with a primary focus on Application Level Security and a solid understanding of Server Level Security. The ideal candidate will be responsible for ensuring the security of our software applications and underlying servers, safeguarding against threats, vulnerabilities, and unauthorized access. This role requires a deep knowledge of security practices, the ability to assess and mitigate risks, and collaboration with development and operations teams to integrate security into the software development lifecycle (SDLC).
• Implement secure coding practices and review application code for security flaws.
• Perform penetration testing on applications to identify and rectify security vulnerabilities.
• Develop and maintain security controls within applications to prevent unauthorized access, data breaches, and other cyber threats.
• Collaborate with development teams to ensure security is integrated into the software development lifecycle (SDLC).
• Implement and manage application firewalls, security gateways, and encryption technologies.
• Strong understanding of network security, web application security, and API security across public and private networks.
• Experience in Black Box and Gray Box testing, with the capability of finding business logic vulnerabilities.
• Knowledge in performing VAPT as per OWASP Top 10 and SANS Top 25 including Broken Access Controls, SQL Injection, Security Misconfiguration, Cross-Site Scripting, CSRF, and authentication/authorization issues. Proficient in both manual and automated tool-based testing for these vulnerabilities.
• Nmap, Nessus, SSLScan, Burp Suite, sqlmap, OWASP ZAP, Metasploit, Wireshark, Kali Linux, Nikto, Nipper, Postman, DirBuster, etc.
• Implement and manage server security measures, including firewalls, intrusion detection systems (IDS), and security patches.
• Conduct regular security audits and vulnerability assessments on server infrastructure.
• Monitor server logs and alerts to detect and respond to potential security incidents.
• Collaborate with system administrators to ensure servers are configured securely and comply with industry standards.
• Understanding of OSI Layer, TCP/IP, IPv4 & IPv6 and various Network Protocols. Good knowledge of firewalls, intrusion detection and prevention systems (IDS/IPS), and network segmentation.
• Ensure compliance with relevant security standards, regulations, and best practices (e.g., OWASP, ISO 27001, PCI-DSS).
• Maintain and update security policies, procedures, and documentation related to application and server security.
• Participate in incident response activities, including investigating security breaches and implementing corrective actions.
• Stay up-to-date with the latest security trends, vulnerabilities, and technologies.
• Provide guidance and support to other IT teams on security best practices.
• Evaluate and implement new security tools, technologies, and methodologies to enhance security.
• Participate in security research and development initiatives to advance the organization's security capabilities.
• Minimum of 1+ years of experience in IT security, with a focus on application security and server security.
• Strong knowledge of security frameworks and standards (e.g., OWASP, NIST, CIS).
• Hands-on experience with security tools such as web application firewalls, IDS/IPS, vulnerability scanners, and encryption technologies.
• Proficiency in secure coding practices and experience with programming languages such as Java, Python, or C#.
• Experience with cloud security and securing applications in cloud environments (AWS, Azure, Google Cloud) is a plus.
Bigship