INFORMATION SECURITY ANALYST

Job Summary

The Information Security Analyst is responsible for protecting the organization’s information systems, networks, and data from cybersecurity threats. This role monitors security controls, investigates security incidents, assesses vulnerabilities, and supports compliance with applicable regulations and security frameworks. The analyst works closely with IT, and business stakeholders to ensure the confidentiality, integrity, and availability of information assets.

Key Responsibilities

Security Operations & Monitoring

• Monitor security alerts and events using SIEM and other security tools.
• Analyze and respond to security incidents, including malware infections, phishing attempts, and unauthorized access.
• Participate in incident response activities including containment, eradication, recovery, and post-incident reviews.
  
  

Risk & Vulnerability Management

• Conduct vulnerability scans and assist with penetration testing activities.
• Assess security risks and recommend remediation or mitigation strategies.
• Track remediation efforts and validate closure of identified security findings.
  
  

Policy, Compliance & Governance

• Assist in developing, implementing, and maintaining information security policies, standards, and procedures.
• Support compliance with regulatory and security framework requirements (e.g., NIST, ISO 27001, HIPAA, PCI DSS).
• Participate in internal and external security audits and risk assessments.
  
  

Security Engineering & Controls

• Support implementation and tuning of security technologies such as endpoint protection, IDS/IPS, DLP, and MFA.
• Review system and network configurations to ensure alignment with security best practices.
• Provide input and guidance on secure system design and architecture.
  
  

Awareness & Collaboration

• Assist with security awareness training programs and phishing simulations.
• Advise IT and business teams on information security best practices.
• Maintain accurate documentation related to security incidents, controls, and procedures.
  
  

Required Qualifications

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field; or equivalent work experience.
• 2–5 years of experience in information security, cybersecurity, or IT operations.
• Knowledge of network and system security concepts and common cyber threats.
• Familiarity with security monitoring, incident response, and vulnerability management processes.
• Strong analytical, problem-solving, and communication skills.
  
  

Preferred Qualifications

• Relevant certifications such as Security , CEH, CISSP, or GIAC.
• Experience with SIEM tools, endpoint detection and response (EDR), and vulnerability management platforms.
• Knowledge of cloud security principles and platforms (e.g., Azure, AWS, GCP).
• Experience working in regulated or compliance-driven environments.
  
  

Key Competencies

• Attention to detail and accuracy
• Incident analysis and critical thinking
• Risk-based decision making
• Clear written and verbal communication
• Ability to work independently and as part of a team
• Commitment to continuous learning and professional development