Security Analyst

The Security Analyst will play a key role in safeguarding Bahwan CyberTeks digital assets, infrastructure, and applications by ensuring security operations, compliance, and risk management processes are effectively implemented. This role involves working closely with the Information Security Officer (ISO), security team members, IT leadership, and cross-functional teams to minimize cybersecurity risks, ensure adherence to regulatory requirements, and maintain a strong security posture.

The Security Analyst will support the Vulnerability Management Program, conduct risk assessments, monitor compliance, and follow up on remediation efforts. This position also requires active involvement in incident response, phishing campaign monitoring, and providing recommendations to strengthen overall cybersecurity resilience.

Key Responsibilities

• Monitor, analyze, and report on security activities using various security tools and software.
• Investigate and respond to security alerts and incidents.
• Review and analyze security logs, generate reports, and raise tickets when necessary.
• Support the organizations Vulnerability Management Programincluding reviewing scan results, patching updates, and remediation follow-ups with risk owners.
• Conduct risk reviews for new applications, developed code, or system changes prior to production deployment.
• Collaborate with IT and business teams to ensure new applications and systems comply with Bahwan CyberTeks information security standards.
• Research potential vulnerabilities and provide countermeasure recommendations.
• Participate in phishing campaign monitoring, detection, and reporting.
• Contribute to the development, implementation, and maintenance of information security policies, procedures, and plans.
• Provide support for security awareness training initiatives and reporting.
• Assist employees with cybersecurity, hardware, or software-related queries.
• Support compliance with standards and frameworks (e.g., ISO 27001, NIST, GDPR, SOC 2 Type II, Sarbanes-Oxley).
• Stay current with cybersecurity threats, trends, and regulatory requirements, recommending updates as needed.
• Perform daily administrative tasks, reporting, and communication with the Information Security team and other stakeholders.

Knowledge & Skills Required

• Strong knowledge of IT and security infrastructure technologies such as: Active Directory, Azure AD, Microsoft Defender, Windows security controls, SIEM, AV/EDR, IDS/IPS, IAM, PAM, PIM, certificate management, and vulnerability scanners.
• Experience in one or more of the following: o Information Security Risk Management o Technical assessments o Vendor assessments o Network security o Vulnerability management
• Working knowledge of cloud computing security (Microsoft Azure/Windows environments).
• Familiarity with frameworks and standards: ISO 27001, ISO 20001, NIST, GDPR, SOC 2 Type II.
• Strong understanding of the Analyze, Prevent, Detect, and Respond domains (NIST).
• Highly analytical, detail-oriented, and capable of managing multiple tasks efficiently.

Qualifications & Experience

• Bachelors degree in Information Systems, Computer Science, Information Security, or a related field (or equivalent combination of education and experience).
• 15 years of progressive experience in IT Security, IT Risk, Cybersecurity Risk Management, or IT Audit.
• Relevant certifications (CRISC, CISA, CISSP) are an advantage.
• Experience working with a Managed Security Services Provider (MSSP) preferred.
• Strong communication (written and verbal), negotiation, and analytical skills.
• Ability to work with cross-functional teams and provide consultancy-style support.
• Must be flexible, reliable, highly organized, and capable of handling confidential information with integrity.
• Willingness to work occasional evenings or weekends, based on business needs