The Cybersecurity Analyst is responsible for safeguarding the organization’s digital assets by identifying vulnerabilities, monitoring for threats, and responding to security incidents. This role involves implementing protective measures, conducting risk assessments, and ensuring compliance with security standards. Cybersecurity Analyst will work closely with BU heads to develop security protocols, educate staff on best practices, and stay ahead of evolving cyber risks.
Responsibilities
- Respond to cybersecurity incidents, including containment, investigation, remediation, and recovery.
- Continuously monitor and respond to any security tools and systems to detect abnormal or suspicious activity.
- Identify and assess threats, vulnerabilities, and indicators of compromise(IOCs).
- Conduct regular vulnerability assessments and penetration testing.
- Document incident findings and support post-incident analysis for future reference. Work with other teams to implement corrective actions.
- Evaluate and analyze risks associated with system configurations, network architecture, and software deployments.
- Assist in compliance audits (e.g., NIST, ISO 27001).
- Manage and optimize security software, such as antivirus and endpoint detection and response tools.
- Configure and maintain security information.
- Support implementation and upgrade of security solutions.
- Develop and update information security policies, procedures, and standards.
- Ensure adherence to organizational cybersecurity policies and best practices.
- Educate employees on cybersecurity best practices.
- Stay up to date on the latest cyber threats, vulnerabilities, tools, and trends.
- Analyze threat intelligence feeds and apply insights to improve defenses.
- Prepare reports on security incidents, metrics, compliance status, and audit findings.
- Maintain documentation for all security-related activities and decisions.
- Work closely with IT, BU heads and compliance teams to ensure security is integrated across operations.
- Communicate technical risks and threats to non-technical stakeholders.
Qualification
- Degree in Computer Engineering / Data Science / Information Technology or any other related field in IT.
- Have experience in networking administration(at least 2 years)
- With understanding of subnetting, network firewalls, VPNs, OS, network switch, access points
- Have experience in using security tools: SIEM, AV Software, EDR Solutions
- Have experience in conducting vulnerability and penetration testing
- Have the ability or experience in conducting cybersecurity training
- Certifications: NSE 1-4, CCNA, CompTIA Security+, CompTIA CySA+
- Nice to have but not required: CISSP