Synopsis of the role
The Information Security Analyst is responsible for protecting an organization's computer systems, networks, and data from security breaches, cyberattacks, and unauthorized access. This involves planning, implementing, monitoring, and upgrading security measures and managing incident response and disaster recovery plans.
What You'll Do
- Prevention & Protection : Manage security software (e.g., firewalls, encryption programs, anti-virus/anti-malware etc).
- Vulnerability Management : Coordinate and support penetration testing and conduct periodic risk assessments to identify weaknesses and vulnerabilities in systems and networks.
- Develop Policies/Process/SOPs: Update, and enforce security standards, policies, and best practices for the organization.
- Access Control: Manage and monitor user access, credentials, and permissions to ensure data integrity and confidentiality.
- Detection & Response: (Security Monitoring) Continuously monitor networks and systems for security breaches, anomalies, and suspicious activity (often using SIEM tools).
- Incident Response: Respond immediately to security alerts, investigate cyberattacks, determine the root cause, and implement countermeasures to mitigate damage.
- Strategy & Compliance (Documentation and Reporting) : Prepare detailed reports on security metrics, attempted attacks, and successful breaches for both technical and non-technical stakeholders. RBI & CERTIN notification implementations and followup with stakeholders. Quaterly Infosec RBI Daksh portal submissions.
- Disaster Recovery: Develop and test disaster recovery and business continuity plans to ensure IT operations can be quickly restored after an emergency.
- Research: Stay up-to-date on the latest IT security trends, cyber threats, and attack vectors to proactively recommend system enhancements.
- Security Audits: Assist with internal (Information systems, ISO 27001, PCI DSS audits, Global Security control testing, Data Centre, Vendor, Customer onboardind and CISA audit) and managing external regulatory RBI & CSITE audits to ensure compliance with relevant security laws and regulations.
- Training & Support : Provide security guidance, support, and Infosec awareness training, Email & programs and events to employees,Vendor and IT staff on new security products and procedures.
What Experience You Need
Technical Knowledge
- Networking: Strong understanding of network protocols, network security (e.g., VPN, IDS/IPS), and firewall management.
- Operating Systems: Proficiency/understanding with various operating systems (Windows, Linux etc).
- Security Tools: Experience with vulnerability scanners, penetration testing tools, and Security Information and Event Management ( SIEM ) systems.
- Programming/Scripting: Basic familiarity with one or more scripting or programming languages (e.g., Python, Bash) for automation and analysis
Education And Experience
- Education: A Bachelor's degree in Computer Science, Cybersecurity, Information Technology.
- Experience: 0 -5 years of experience
Soft Skills
- Analytical and Problem-Solving: Ability to quickly analyze large amounts of data, detect subtle security anomalies, and solve complex technical issues under pressure.
- Attention to Detail: Meticulous approach to monitoring system logs and configuration files.
- Communication: Excellent written and verbal communication skills to explain technical issues, threats, and security policies to both technical teams and non-technical management.
- Creative Thinking: Ability to anticipate and think like an attacker to proactively identify and close security gaps.
- Security Domains: Knowledge of key security concepts like incident response, computer forensics, ethical hacking, and risk management.
What Could Set You Apart
- Certified Information Systems Security Professional ( CISSP )
- Certified Ethical Hacker ( CEH )
- Certified Information Security Manager
