Information Security Analyst

JOB OVERVIEW

Reporting to the Compliance and Security Manager, the Information Security Analyst plays a key role in planning, implementing, upgrading, and monitoring security protocols for the protection of the organization’s computer networks and safeguarding of information. MUST be able to perform MANUAL PENETRATION analysis with command line tools and have a strong understanding of infrastructure technology!

RESPONSIBILITIES

Penetration Testing:

Conduct Penetration & Vulnerability Tests: Perform thorough and methodical penetration testing on web applications, network infrastructures, and other systems to identify security vulnerabilities with automated tools and manual assessments. Conduct regular internal Red Team engagements.

Using scripting languages automate exploitations various vulnerabilities using diverse command line tools.

Develop and Execute Test Plans: Design and execute detailed test plans. Ensure penetration testing practices comply with relevant regulations, standards, and organizational policies.

Continuous knowledge update on industry best practices: Research and keep up to date with the latest security trends, vulnerabilities (cves), and tools to ensure testing methodologies are current and effective. Utilize latest technology to protect information.

Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders.

Prepare comprehensive reports with recommendations for remediation.

Tools: Being able to perform vulnerability scans and exploiting them using manual command line tools like Nmap and Metasploit and utilizing automated tools like Tenable when needed.

Vulnerability Management:

• Assess and analyze security weaknesses and provide actionable recommendations to mitigate risks and improve overall security posture
• Communicate risk and collaborate with system owners, developers, and other teams to address security vulnerabilities to create closure plan, prioritize, and evaluate the solution after implementation
• Maintain corporate vulnerability board with vulnerability owners to ensure closure of all vulnerabilities within established SLAs

Risk & Security Management:

• Evaluate and assess potential security risks related to new and existing systems and technologies
• Assess cloud environments and applications specific configurations, access controls, and encryption mechanisms
• Validate various Cloud services for security issues such as, portal access, app services, databases, vms, and cloud storage (blob/buckets)
• Document security breaches and the extent of damage caused in detailed reports
• Install security software such as firewalls and data encryption programs, to protect sensitive information
• Monitor company’s networks for potential security breaches and investigate if such incidents occur
• Make recommendations to managers and senior executives on security advancements for optimal protection of company’s systems
• Develop a security plan that establishes best standards and practices for the company
• Assist co-workers with new program installations and provide guidance on security procedures as needed

Communication & Collaboration:

Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements.

Create and communicate processes that could help teams meet remediation goals.

Project Management:

Lead or be part of technical and business projects to provide security assessments and sound advice throughout the project.

QUALIFICATIONS

Knowledge and Experience:

• 7+ years of experience in system administrative (or equivalent) role working with technology and support
• 3+ years of experience in penetration testing
• Proficient in tools such as Kali Linux, Metasploit, Aircrack, Nmap, Burpsuite, ZAP, Curl, Nessus, Netsparker, Wireshark, etc
• Valid penetration testing certification such as CEH, PenTest+, GPEN, OSCP
• Strong knowledge of Windows operating systems, network protocols, web application architecture, and security hardening practices
• External client facing experience
• Strong knowledge in the security standard ISO 27001
• Proven experience performing successful penetration tests and red team assessments
• Proven experience with vulnerability assessment methodologies, tools and techniques used to conduct network vulnerability assessments and penetration testing
• Have an in-depth understanding of OWASP testing methodology, dynamic and static application security testing, re-engineering, automation, IDS/IPS systems, WAF, burp suite, Nmap, Nessus, Qualys, netsparker, Metasploit, etc

Personal Attributes:

• Fluency in written and spoken English
• Excellent written and verbal communication skills