Cyber Security Analyst

Enterprise Cyber Security Analyst

Cyber Advisory analyst is responsible for providing consultation on various cyber security requirements for applications, infrastructure, and emerging technologies

Position responsibilities include:

· Perform a review of functional requirements of the software project. Identify relevant security requirements for this functionality by reasoning on the desired confidentiality, integrity or availability of the service or data offered by the software project

· Conduct thorough assessments of web applications, prioritize risks aligning with OWASP and ASVS guidelines, while implementing Information Security Policy and industry standards like ISO, NIST, CIS to support application teams in creating secure products.

· Support in analyzing and implementing optimized Cloud hardening controls that deliver security, compliance, and responsiveness to the latest Cloud-based threats and attacks (GCP, Azure, SaaS solutions etc.)

· Provide Cyber Security guidance and requirements, when a new technology is being considered/introduced as part of the enterprise's strategy

· Identify design flaws to assess, quantify and rank risk, help with mitigation of the open issues. Ensure tracking and closure of all critical risks before production launch

· Analyze stakeholder feedback and input to identify areas of alignment and potential conflicts, and work to resolve them in a timely and effective manner.

· Plan, research, and document appropriate and flexible security requirements for standard IT architectural components based on Industry standards (OWASP, NIST, IETF etc.)

· Stay updated through continuous learning on the latest cybersecurity trends and technologies, such as LLM, ZTNA, LCNC, to offer proactive and effective recommendations and solutions to stakeholders.

· Collaborate with cross-functional teams to ensure project scope/deliverables and expert advice provided post security assessments are in-line.

· Benchmark and Leverage industry best practices (e.g. OWASP SAMM) to continually improve process maturity.

Skillset required:

· In-depth understanding of cyber security framework and industry standards (NIST CSF, ISO27001/2, OWASP, etc.), Threat Modeling and IT Risk Assessment

· Proficiency in IAM technologies, concepts, and best practices, including identity lifecycle management, access control, authentication mechanisms, and federation protocols.

· Proficiency in API security concepts, standards, and best practices, including OAuth, OpenID Connect, JWT, TLS/SSL, and OWASP API Security Top 10.

· Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles.

· Deep understanding of Google Cloud Platform (GCP) services, architecture, and security features.

· Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.

· Strong understanding Cryptography and data protection concepts.

· Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy

· Proficiency in conducting security assessments, risk analysis, and vulnerability management.

· Knowledge of DevSecOps, agile principles, and security policies.

· Excellent analytical and problem-solving skills to identify security risks and develop effective solutions.

· Excellent communication and interpersonal skills to collaborate with cross-functional teams and communicate security risks effectively.

Qualifications required:

· Bachelor's degree in computer science, Cyber Security, or related field of study

· 2+ years of experience in Cyber Security or related fields of IT.

· Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc.

· Cyber security certifications like CISSP, CCSP, CSSLP etc. are highly desirable.