Security Analyst
Cornerstone OnDemand
- Pune, Maharashtra
- Permanent
- Full-time
- Lead efforts to counter security breaches, anticipate future security alerts, incidents, and disasters, and reduce the likelihood of such occurrences.
- Define, maintain, and upgrade security measures, policies, and controls to enhance the overall security posture of the organization.
- Write reports and provide insights on the efficacy of current security policies, incident responses, disaster recovery plans, and other security-related information.
- Assist in creating SOPs & playbooks to secure the infrastructure and educate employees.
- Keep security systems up to date, maintaining relevant data to ensure compliance with security protocols.
- Conduct vulnerability testing, risk analyses, and both internal and external security remediations to assess security effectiveness.
- Utilize ethical techniques to identify security threats and vulnerabilities, thereby fortifying the organization's defenses against unauthorized access.
- Utilize forensics techniques to investigate security risks & vulnerabilities, collecting, analyzing, and reporting data as necessary.
- Thoroughly analyse network traffic to identify potential threats and respond accordingly, ensuring the integrity and confidentiality of organizational data.
- 3-5 Years of Cyber Security or IT Security Experience with proficiency in utilizing vulnerability scanning tools such as Nessus, Tenable, and Rapid7 to perform regular scans on both on-premise and cloud-based assets.
- Experience in managing SIEM (Security Information and Event Management) solutions like QRadar and Splunk to correlate security events and identify potential threats.
- Demonstrated ability to analyze and prioritize vulnerabilities identified by scanning tools based on their severity and impact on both on-premise and cloud environments.
- Familiarity with cloud security best practices and techniques for securing assets in platforms such as AWS, Azure, or Google Cloud Platform.
- Strong understanding of endpoint detection and response (EDR) solutions like CrowdStrike to detect and respond to threats on endpoints across the network.
- Proficient in creating and maintaining documentation related to vulnerability management processes, including remediation plans and risk assessments.
- Ability to communicate effectively with cross-functional teams to provide proactive security advisories for public-facing assets under risk, including timely mitigation strategies.
- Familiarity with regulatory compliance frameworks such as PCI DSS, HIPAA, GDPR, etc., and experience in ensuring compliance of both on-premise and cloud assets.
- Understanding of Network Protocols, Threat Profiles, DLP, SOAR, and encryption.
- Experience with network security assessments of on-premise and cloud-based applications, including but not limited to Firewalls, IPS & IDS Solutions.
- Relevant certifications such as CEH, CompTIA Security+, GIAC Security Essentials (GSEC), Certified Incident Handler (GCIH), EC-Council Certified Security Analyst (ECSA) or equivalent are a plus.
- Participate in incident response activities, including forensic analysis and containment measures.