Lead Information Security Analyst

HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators and improve student outcomes. As a leading provider of K–12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students' potential and extend teachers' capabilities.

HMH serves more than 50 million students and 4 million educators in 150 countries. HMH Technology India Pvt. Ltd. is our technology and innovation arm in India focused on developing novel products and solutions using cutting-edge technology to better serve our clients globally. HMH aims to help employees grow as people, and not just as professionals. For more information, visit

We are seeking a Senior Security Analyst with strong hands-on experience in cloud security, application security, web-based development, scripting, and AI/automation concepts. This role combines responsibilities across cloud infrastructure, secure software development, and application security. The ideal candidate will be adept at designing and implementing advanced security solutions, identifying vulnerabilities, and collaborating with cross-functional teams to enhance security posture across the organization.

Key Responsibilities:

• Design and implement secure cloud architectures (AWS, Azure, GCP).
• Secure services like IAM, VPC, S3, KMS, and containerized environments.
• Develop and enforce cloud security policies and golden images.
• Implement encryption strategies and monitor environments using tools like ORCA, SIEM, CSPM, CWPP.
• Ensure compliance with GDPR, HIPAA, SOC 2, PCI DSS, ISO27001, and SOX.
• Collaborate with Engineering, DevOps, Legal, and Risk teams.
• Automate security workflows using Python, Java, PowerShell, Bash.
• Lead application security remediation and incident response.
• Address OWASP vulnerabilities and conduct forensic investigations.
• Perform vulnerability assessments using SAST, DAST, IAST, RASP, WAF.
• Advocate for secure SDLC practices and developer training.
• Monitor cloud and on-prem infrastructure for security threats.
• Support and implement controls for third-party attestations.

Required Qualifications:

• 5+ years in cloud security, application security, and infrastructure management.
• Strong scripting and automation skills (Python, PowerShell, Shell/BASH, Terraform).
• Proficiency in web development frameworks (React, Angular, NodeJS, Spring, MVC, HTML, CSS).
• Experience with vulnerability tools (SAST, DAST, IAST, RASP, WAF).
• Familiarity with Kubernetes, microservices, DevSecOps tools.
• Understanding of encryption, authentication, and IAM.
• Experience with SIEM tools (Datadog, Splunk, Sumo Logic, Kibana).
• Knowledge of AI/ML and automation in security workflows.
• Strong communication and stakeholder engagement skills.

Preferred:

• Experience in agile development environments.
• Prior experience in secure software design for externally facing web applications
• Experience with Web Content Management frameworks.
• Familiarity with security frameworks (CIS, NIST, ISO
• Exposure to third-party risk assessments and compliance audits.
• Hands-on experience with JIRA, Confluence, and documentation of security processes.
• Ability to support security incident triage, root cause analysis, and post-incident reviews.

HMH Technology Private Limited is an Equal Opportunity Employer and considers applicants for all positions without regard to race, colour, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. We are committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation. For more information, visit Follow us on Twitter, Facebook, LinkedIn, and YouTube.