Security Analyst

Key Responsibilities:

• Define and advise on design, implementation, and testing processes to protect information system assets.
• Perform risk assessments and translate security architecture, policies, and controls into security requirements (“secure by design”) for business and IT projects.
• Contribute to architectural designs and validate them against security requirements.
• Define security testing and penetration testing requirements; support testing teams and approve resulting reports.
• Define, implement, and ensure proper functioning of departmental security services in line with IT security policies.
• Recommend and advise management on new or improved security services.
• Produce documented security services, technical standards, or principles.
• Act as a subject matter expert in a specific security domain (e.g., Mainframe security, PKI and Cryptography, Network security, platform security, IAM, application security, secure coding), and serve as the point of contact for business, project teams, and stakeholders including business owners/analysts, project leaders, risk management, auditors, engineers, developers, and architects.
  

Required Technical and Professional Expertise:

We are seeking Cyber & Information Security experts with experience in one or more of the following areas:

• Proven experience in security risk assessments, functional security requirements development, process design, and management reporting.
• Familiarity with key security domains and best practices:
  • Identity and Access Management (IAM), PKI, network security, and data protection
  • Application security and software development practices
    Understanding of OWASP guidelines, use of code scanning tools, and CI/CD security automation
  • Experience with security technologies: IDAAS, identity management platforms, secure access management, federation services, cryptographic solutions, web application firewalls, endpoint security
  • Security technologies in infrastructure domains: virtualization, SDN, cloud (IAAS/PAAS/SAAS), network/DMZ, VOIP, Wi-Fi, 802.1x, anti-malware, middleware, end-user workspace, storage (SAN, NAS), databases, and Infrastructure-as-Code
    

Preferred Certifications:

• CISSP, GIAC, SABSA, ISO 27001 LA/LI
• Product-specific security certifications are a plus
  

Candidate Profile:

• University degree in Computer Science, Engineering, or a related field
• IT security professional with solid experience in infrastructure or application security
• For senior profiles: minimum 10+ years’ cyber security experience across multiple domains and companies/industries
• For entry-level profiles: minimum 3+ years’ cyber security experience in at least one domain
• Proficient in PowerPoint, Visio, Excel, and Word
• Experience translating business needs into technical solutions
• Strong organizational, planning, research, analytical, and critical thinking skills
• Able to take initiative, exercise sound judgment, and make informed decisions
• Detail-oriented and deadline-driven
• Strong presentation skills, able to convey complex topics clearly and concisely
• Able to work effectively in an international and multi-cultural environment
• Fluent in English
  Team player with respectful and constructive communication
• Strong interpersonal skills to engage with both business and technical stakeholders
• Able to manage multiple projects under pressure
• Independent, service-oriented, and organized
• Committed to quality and ownership