Enterprise Cyber Security Analyst

Cyber Advisory analyst is responsible for providing consultation on various cyber security requirements for applications infrastructure and emerging technologies

Position responsibilities include:

Perform a review of functional requirements of the software project. Identify relevant security requirements for this functionality by reasoning on the desired confidentiality integrity or availability of the service or data offered by the software project

Conduct thorough assessments of web applications prioritize risks aligning with OWASP and ASVS guidelines while implementing Information Security Policy and industry standards like ISO NIST CIS to support application teams in creating secure products.

Support in analyzing and implementing optimized Cloud hardening controls that deliver security compliance and responsiveness to the latest Cloud-based threats and attacks (GCP Azure SaaS solutions etc.)

Provide Cyber Security guidance and requirements when a new technology is being considered/introduced as part of the enterprises strategy

Identify design flaws to assess quantify and rank risk help with mitigation of the open issues. Ensure tracking and closure of all critical risks before production launch

Analyze stakeholder feedback and input to identify areas of alignment and potential conflicts and work to resolve them in a timely and effective manner.

Plan research and document appropriate and flexible security requirements for standard IT architectural components based on Industry standards (OWASP NIST IETF etc.)

Stay updated through continuous learning on the latest cybersecurity trends and technologies such as LLM ZTNA LCNC to offer proactive and effective recommendations and solutions to stakeholders.

Collaborate with cross-functional teams to ensure project scope/deliverables and expert advice provided post security assessments are in-line.

Benchmark and Leverage industry best practices (e.g. OWASP SAMM) to continually improve process maturity.

Skillset required:

In-depth understanding of cyber security framework and industry standards (NIST CSF ISO27001/2 OWASP etc.) Threat Modeling and IT Risk Assessment

Proficiency in IAM technologies concepts and best practices including identity lifecycle management access control authentication mechanisms and federation protocols.

Proficiency in API security concepts standards and best practices including OAuth OpenID Connect JWT TLS/SSL and OWASP API Security Top 10.

Knowledge of computer networking and network security architecture concepts including topology protocols components and principles.

Deep understanding of Google Cloud Platform (GCP) services architecture and security features.

Knowledge of emerging technologies like AI/ML Zero Trust LCNC etc. and willingness to learn new technologies and concepts.

Strong understanding Cryptography and data protection concepts.

Knowledge of laws regulations policies and ethics related to cybersecurity and privacy

Proficiency in conducting security assessments risk analysis and vulnerability management.

Knowledge of DevSecOps agile principles and security policies.

Excellent analytical and problem-solving skills to identify security risks and develop effective solutions.

Excellent communication and interpersonal skills to collaborate with cross-functional teams and communicate security risks effectively.

Qualifications required:

Bachelors degree in computer science Cyber Security or related field of study

2 years of experience in Cyber Security or related fields of IT.

Knowledge on Security Framework such as NIST CSF ISO27001 OWASP Top-10 etc.

Cyber security certifications like CISSP CCSP CSSLP etc. are highly desirable.