Senior Information Security Analyst

About Policybazaar.com

We believe in insurance for all, and we drive it through unbiased information and time-efficient processes for all Indian customers. As Indias largest insurance brokers, we consider it our responsibility to be every Indian customers one-stop portal for protection against death, disease and disability as well as for mindful investment planning. We understand customers; anxiety about claim settlement, so we offer 24x7 online support, on-ground support, as well and even host special claim samadhan events where stuck claims can be reopened and resolved instantly. Our mission, in keeping with IRDAI's inspiring vision, is Har Family Hogi Insured by 2047.

Companies Paisabazaar.com, Docprime, QuickFixCars, Policybazaar.ae, Zphin

Visit policybazaar.com to know more about us.

JOB DESCRIPTION-SENIOR INFORMATION SECUIRTY ANALYST

What we are looking for in a candidate

Interact with teams to develop understanding of Policybazaar's security landscape/posture

Execution of/support the team in techno compliance gap assessments against the below mentioned standards/guidelines: ISO 27001 , PCI DSS ,CERT-In , NIST-CSF

Understanding/Implementing information security policies and processes in accordance with industry best practices

Conducting vulnerability scans and penetration testing to identify security weaknesses across infrastructure and application landscape

Documenting and reporting findings, including recommendations for remediation and liaising with internal stakeholders for closure

Staying current with new attack vectors and tools, and incorporating them into testing procedures

Collaborating with other teams to prioritize remediation efforts

Skills

Proven work experience of 2-3 years in information security domain

B.Tech or equivalent degree in Computer Science, Information Security or related field

Excellent written and verbal communication skills

Good understanding of technology risk assessment frameworks

Ability to contribute individually, and as a part of team

Knowledge of OWASP Top 10 is a must

Knowledge of NIST CSF, MITRE ATT&CK is preferable

Good to have technical security certifications like OSCP, PNPT, CRTP, or similar

Experienced in DAST, SAST and Infra VAPTand infrastructure penetration testing techniques

Experienced in penetration testing methodology and techniques

Ability to identify security vulnerabilities and suggest appropriate mitigation steps

Must have knowledge about the Cyber threat Intelligence and Source Code Review