Senior Security Analyst

Senior Security Analyst

Work for our global clients and immerse in our rich and diverse company culture where you can thrive, grow and just be aweSOme! Apply now and discover the Satellite Office Candidate Experience – recognized as one of BEST among BPO companies worldwide.

WHAT IS A SENIOR SECURITY ANALYST

Our awesome client, a leading technology company based in the US is looking for a Senior Security Analyst to be part of their team.

• The Senior Security Analyst is responsible for managing information security, ensuring regulatory compliance, conducting risk assessments, and supporting incident response to protect the organization's systems and data.

WHAT WILL BE YOUR MAIN RESPONSIBILITIES

Information Security Management

• Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in information systems

• Implement and maintain security controls to protect against unauthorized access, data breaches, and other security threats

• Monitor security events and incidents, analyze security logs, and respond to security breaches promptly

• Assist in the development, testing, and enforcement of security policies, procedures, and guidelines

• Collaborate with IT teams to ensure secure configurations of systems, applications, and network devices

• Stay up-to-date with the latest security technologies, trends, and best practices to continually improve security posture

Compliance and Regulation

• Ensure compliance with relevant industry standards, laws, and regulations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS)

• Conduct compliance assessments and audits to validate adherence to security standards and requirements

• Prepare reports and documentation for internal and external stakeholders to demonstrate compliance

• Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws

• Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed

Risk Assessment and Mitigation

• Identify, assess, and prioritize information security risks based on potential impact and likelihood of occurrence

• Develop risk mitigation strategies and recommendations to enhance overall security posture

• Work with business units to ensure security measures align with business objectives and are integrated into their processes

Training and Awareness

• Conduct security awareness training sessions for employees to promote a security-conscious culture

• Educate staff on security policies, best practices, and procedures to reduce human-related security risks

Testing, Incident Response, and Forensics

• Conduct application and environment tests for new and emerging security threats and vulnerabilities

• Participate in incident response activities and support investigations into security incidents

• Assist in collecting evidence, conducting forensic analysis, and preparing incident reports

WHAT ARE WE LOOKING FOR

• Bachelor's degree in Computer Science, Information Technology, or a related field

• Proven experience in information security, compliance, or a related field

• Strong knowledge of security frameworks such as NIST, CIS, or ISO 27001

• Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, GDPR, CPRA, CCPA)

• Understanding of risk assessment methodologies and risk management practices

• Experience with security tools and technologies such as firewalls, IDS/IPS, SIEM, etc.

• Experience with AWS and Azure Cloud environments

• Experience with Firewalls, Load Balancers, WAFs, and VPN concentrators

• Experience with hardening standards for servers, desktops, laptops, and networking devices

• Experience with Penetration Tests and Vulnerability Scans

• Understanding of malware, network threats, attack vectors, and incident response

• Knowledge of cloud, container-based, and virtualization architectures

• Familiarity with internet protocols and data formats such as HTTP, TLS, SSL, HTML, and XML

• Knowledge of database technologies such as Elasticsearch, SQL, or Oracle

• Understanding of encryption techniques, algorithms, and approaches

• Excellent analytical, problem-solving, and communication skills

• Ability to stay abreast of industry trends and emerging security threats

• Relevant certifications such as CISSP, CISA, CISM, CEH, GWAPT, or GPEN are a plus

• Higher education or government agency information security experience is a plus

• Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST is a plus