Information Security Analyst

Job Description

All you need is...

- Bachelor's degree in computer science, Information Security, or related field (or equivalent experience).
- 3+ years of hands-on experience in information security, with a focus on threat detection, penetration testing, and AI-driven security solutions.
- Demonstrated experience working in financial or SaaS security environments (e.g., PCI DSS, SOC 2, ISO 27001).
- Advanced knowledge of networking protocols, encryption, firewalls, IDS/IPS, and VPNs.
- Strong experience with cloud platforms (AWS, GCP, or Azure), including security configurations, monitoring, and automation.
- Hands-on experience with security tools such as EDR, SIEM (Splunk, ElasticSearch, etc.), vulnerability scanners (Nessus, Qualys), and threat intelligence platforms.
- Practical experience in penetration testing (e.g., OWASP Top 10, API testing) and red teaming.
- Expertise in scripting languages (Python, PowerShell) and automation tools.

Security Certifications:

- CEH (Certified Ethical Hacker), CISSP, CISA, or equivalent certifications (required).
- Additional certifications in cloud security (AWS Certified Security Specialty, etc.) or AI/ML for security (optional but preferred).

What will your job look like

- Proactively monitor and assess emerging threats using advanced AI-driven tools. Analyze identified threats and develop effective remediation plans to minimize risk to critical systems and data.
- Lead proactive threat hunts leveraging AI, machine learning models, and automation tools. Identify Indicators of Compromise (IOCs) and detect patterns to anticipate future attacks.
- Perform advanced penetration testing exercises to identify vulnerabilities, misconfigurations, and weaknesses in systems. Collaborate in purple team exercises to validate security measures and improve resilience.
- Participate in risk assessments, ensuring compliance with financial industry regulations (e.g., PCI DSS, SOC 2) and internal security policies. Provide guidance on mitigating risks through the integration of AI-based security solutions.
- Lead the investigation and response to security incidents. Utilize machine learning and EDR tools to perform in-depth analysis of malware, root causes, and attack methodologies.
- Conduct continuous monitoring using SIEM (Security Information and Event Management), AI-driven anomaly detection systems, and advanced analytics tools to detect and respond to security events.
- Collaborate with SecDevOps and Engineering teams to automate security controls, incident responses, and vulnerability management using AI and advanced scripting (Python, PowerShell).
- Work closely with teams across the organization to integrate security at every stage of development (DevSecOps), ensuring secure cloud infrastructure, services, and APIs.
- Deep involvement in securing public cloud environments (AWS, Azure, GCP), leveraging AI tools to detect misconfigurations, vulnerabilities, and unauthorized access attempts.
- Support penetration testing efforts, identifying vulnerabilities within cloud and on-premise infrastructure. Lead and contribute to purple team engagements to test and improve defensive capabilities.
- Stay current with the latest AI, machine learning, and cybersecurity trends. Actively research emerging threats and innovative tools to protect the organization's assets.
- Evaluate and implement third-party security tools, AI-based solutions, and threat intelligence platforms to enhance security posture and detection capabilities.
- Use AI and behavioral analytics to proactively detect threats that evade traditional security solutions. Develop custom threat detection algorithms where needed.
- Leverage threat intelligence feeds, machine learning models, and threat-hunting tools to proactively identify and mitigate risks from advanced persistent threats (APTs).

---