Security Analyst, Senior
Infor
- Manila City, Metro Manila
- Permanent
- Full-time
- With vast operational experience in various vulnerability scanning applications, vulnerability management, or related information security fields.
- Experience working in global environment
- Experience in threat and vulnerability management, as well as security operations.
- Knowledgeable in NIST and ISO 27001 frameworks, as well as SOC1 and SOC2 audits.
- Familiarity with industry-standard security best practices and vulnerability management processes, including compliance reporting.
- Knowledge of Secure Software Development Life Cycle (SSDLC) and concepts related to operating system hardening.
- Knowledge of general cloud concepts, particularly in AWS and Azure environments.
- Availability to work in the Philippines in GMT or GMT+1 time zones.
- Proficiency in automation through programming languages such as Java and Python.
- Experience developing and improving KPIs, metrics, and trending for vulnerability management functions.
- Demonstrate knowledge of Microsoft platform, Open System platform, Virtualization platforms and Databases, and patch management
- Knowledge of networking concepts and devices (Firewalls, Routers, Switches, and Load Balancers) and good understanding of network and web-related protocols
- Demonstrates principled entrepreneurship, practicing mutual benefit, and possessing the ability to attract, motivate, and empower people.
- Proven ability to challenge the status quo
- Values collaboration as a key aspect of success, with the capability to interact effectively with employees at all levels, both personally and professionally. Displays personal and professional self-awareness, recognizing strengths and areas for development, and actively seeks opportunities for growth.
- Exhibits a commitment to lifelong learning and self-actualization, continuously seeking out new knowledge and skills to stay ahead in the field of cybersecurity.
- Demonstrates flexibility and organizational skills, adapting to changing environments and effectively managing multiple tasks and responsibilities.
- Possesses a passion for advanced cybersecurity
- Research and report vulnerabilities using various tools in software, firmware, and devices, and modern exploits and exploitation techniques in the following areas: Microsoft platform, Open Systems platforms, Java, Adobe, Web Application, Java web app virtualization platforms, Networking, Databases, and others.
- Assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood, and impact.
- Produce data-driven, meaningful dashboards and reporting that show Security Risk
- Constantly transform yourself and the organization by designing correction plans and security findings into avoidance programs.
- Create mutual benefit by collaborating with Infrastructure, Application and Development leads on security findings and data-storytelling using your data analytics skills.
- Read through pen-test reports and able to advise remediation steps.
- Support various audit reports by providing proof and meaningful information.
- Automate manual activities and processes with automation where possible to avoid repeating human intervention and create efficiency and convenience.
- Respond on Cyber Threat by analyzing the source, scope, and the impact to protect systems and data.
- Implement improvements and recommendations based on the analyses you do, using various tools and techniques and advise on training, awareness, best practices and policies/procedures to ensure an affective security program.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company.