GSPANN Technologies, Inc.

Cyber Security Analyst

  • Posted 2 hours ago

Job Description

About the Company:

Headquartered in California, U.S.A., GSPANN provides consulting and IT services to global clients. We help clients transform how they deliver business value by helping them optimize their IT capabilities, practices, and operations with our experience in retail, high-technology, and manufacturing. With five global delivery centers and 2000+ employees, we provide the intimacy of a boutique consultancy with the capabilities of a large IT services firm.

About the Role

We are looking for a seasoned Cyber Security Analyst to join our Information Security team. In this senior-level role, you will be the operational cornerstone of our Application Security (AppSec) and DevSecOps programme — embedding security controls across the software development lifecycle, automating policy enforcement, and providing actionable risk intelligence through data-driven dashboards.

You will collaborate closely with engineering, DevOps, and product teams to ensure that security is not a bottleneck but a competitive advantage. If you thrive on automation, love writing code to solve security problems, and have a deep understanding of modern toolchains, this role is for you.

Experience: 5 Yrs - 10 Yrs

Job location: Gurugram/Hyderabad

Key Responsibilities

Application Security & Secure SDLC

  • Own and operate the ASPM platform (Apiiro) to continuously assess application risk posture and surface security findings to development teams.
  • Configure and manage DAST/SAST tools — Invicti, Checkmarx, and GitHub Advanced Security (CodeQL) — to enforce security gates within CI/CD pipelines.
  • Define and implement policy-as-code rules to automate security checks and block non-compliant builds automatically.
  • Conduct threat modelling and secure code review sessions with engineering squads, providing actionable remediation guidance.
  • Champion secure SDLC practices, ensuring developers follow security standards from design through deployment.

Security Automation & Engineering

  • Develop and maintain automation scripts and tooling using Python, PowerShell, and Bash for alert triage, reporting, and remediation orchestration.
  • Build and manage security workflows integrated with GitHub Actions, automating vulnerability scans, secret detection, and dependency auditing.
  • Design and implement REST API and webhook integrations between security tooling, Jira, Confluence, and monitoring platforms.
  • Manage secrets hygiene including automated token rotation and enforcement of least-privilege access policies across cloud and on-premise systems.

Monitoring, Alerting & Incident Response

  • Maintain observability stacks (Prometheus / Grafana or cloud-native equivalents) and configure alert rules for security-relevant events.
  • Integrate alerting pipelines with PagerDuty, Microsoft Teams, and Slack to ensure timely on-call notification and triage.
  • Investigate security incidents, perform root cause analysis, and document findings in Confluence with clear remediation timelines.
  • Support and improve incident response playbooks and runbooks maintained in version-controlled repositories.

Dashboards, Reporting & Risk Communication

  • Design and own executive and operational security dashboards using Power BI, Tableau, or Looker to track KPIs, SLAs, and risk metrics.
  • Produce regular vulnerability trend reports, AppSec programme health reports, and policy compliance summaries for senior stakeholders.
  • Translate complex technical findings into clear risk narratives for non-technical audiences including product owners and leadership.

Infrastructure & DevOps Collaboration

  • Partner with DevOps and platform engineering teams on Infrastructure-as-Code (IaC) reviews, identifying security misconfigurations in YAML-based configurations.
  • Apply container security best practices across Docker and Kubernetes workloads, advising teams on image hardening and runtime protection.
  • Maintain Git-based security configuration repositories, ensuring version control best practices and peer-review processes.

Governance & Process

  • Manage security findings lifecycle end-to-end in Jira, leveraging Jira Automation to streamline ticket routing, SLA tracking, and escalation workflows.
  • Maintain up-to-date security documentation, standards, and runbooks in Confluence.
  • Contribute to security awareness sessions, lunch-and-learns, and developer training programmes.

Required Qualifications

Experience

  • 5 to 10 years of hands-on experience in Cyber Security, Information Security, or a closely related field.
  • Minimum 3 years of focused experience in Application Security, DevSecOps, or Security Engineering.
  • Demonstrated experience securing cloud-native environments (AWS, Azure, or GCP).
  • Proven track record of building or significantly improving a security automation programme.

Technical Skills

  • Languages & Scripting: Proficiency in Python, PowerShell, and Bash for security automation and tooling.
  • CI/CD & Pipeline Security: Hands-on experience with GitHub Actions and implementing policy-as-code frameworks within delivery pipelines.
  • AppSec Tooling: Operational experience with two or more of: Apiiro (ASPM), Invicti, Checkmarx, GitHub Advanced Security / CodeQL.
  • Data & APIs: Strong working knowledge of JSON, YAML, REST APIs, and webhook-driven integrations.
  • Observability: Practical experience with Prometheus / Grafana or equivalent cloud monitoring services; familiarity with PagerDuty, Teams, or Slack alerting integrations.
  • BI & Dashboarding: Ability to build security dashboards in Power BI, Tableau, Looker, or equivalent platforms.
  • Version Control & IaC: Solid Git workflows; comfort reviewing IaC artifacts (YAML, Terraform, Helm charts) for security issues.
  • Containers: Working knowledge of Docker and container security fundamentals; Kubernetes awareness is desirable.

Security Knowledge

  • Deep understanding of secure SDLC methodologies (SAST, DAST, SCA, secret scanning, container scanning).
  • Strong grasp of OWASP Top 10, CWE/CVE frameworks, and threat modelling approaches (STRIDE, PASTA, or equivalent).
  • Familiarity with least-privilege principles, zero-trust architecture, and token/credential rotation best practices.
  • Working knowledge of relevant compliance standards: ISO 27001, SOC 2, NIST CSF, or PCI-DSS.

Why choose GSPANN

We GSPANNians are at the heart of the technology that we pioneer. We do not service our customers, we co-create.

With the passion to explore solutions to the most challenging business problems, we support and mentor the technologist in everyone who is a part of our team. This translates into innovations that are path-breaking and inspirational for the marquee clients we co-create a digital future with.

GSPANN is a work environment where you are constantly encouraged to sharpen your abilities and shape your growth path. We support you to become the best version of yourself by feeding your curiosity, providing a nurturing environment, and giving ample opportunities to take ownership, experiment, learn and succeed.

We're a close-knit family of more than 2000 people that supports one another and celebrates successes, big or small. We work together, socialize together, and actively serve the communities we live in.

We invite you to carry forward the baton of innovation in technology with us.

At GSPANN, we do not service. We Co-create.

Discover your inner technologist - Explore and expand the boundaries of tech innovation without the fear of failure.

Accelerate your learning - Shape your career while scripting the future of tech. Seize the ample learning opportunities to grow at a rapid pace.

Feel included - At GSPANN, everyone is welcome. Age, gender, culture, and nationality do not matter here; what matters is YOU.

Inspire and Be Inspired - When you work with the experts, you raise your game. At GSPANN, you're in the company of marquee clients and extremely talented colleagues.

Enjoy Life - We love to celebrate milestones and victories, big or small. Every so often, we come together as one large GSPANN family.

Give Back - Together, we serve communities. We take steps, small and large so we can do good for the environment, weaving in sustainability and social change in our endeavors.

Let's Co-create.

Job ID: 148311379
