What are the responsibilities and job description for the IT Security Analyst position at IBU Consulting Pvt Ltd?
ROLE TITLE
IT Security Analyst

ROLE LOCATION(S)
Onshore Office: Alpharetta, GA; Charlotte, NC; Chicago, IL; Conshohocken, PA; Dallas, TX; Denver, CO; Fargo, ND; Garden City, NY; Houston, TX; Lenexa, KS; Lubbock, TX; Morristown, NJ; Mt Juliet, TN; New York, NY; Purchase, NY; Topeka, KS

ROLE SUMMARY
The Security Analyst is responsible for independently managing third-party vulnerability data sources, executing scans using proprietary tools, and collaborating with IT teams to prioritize mitigation efforts. The role involves leveraging vulnerability management tools to generate metrics and reports that track progress and effectiveness. Additionally, the Security Analyst may contribute to reviewing project scopes to recommend security benchmarks, optimizing security tool alerts and policies, and integrating logs and large data sets into existing systems.

ROLE RESPONSIBILITIES
- Analyze vulnerabilities from various sources and input them into the vulnerability management tool using approved methods to ensure a complete overview of exposures.
- Evaluate existing vulnerabilities to find problem areas or opportunities for mass-mitigation.
- Communicate with other teams to explain the opportunities or needs.
- Escalate vulnerabilities that have breached our time-to-resolve limits.
- Configure scanning tools and manage scan schedules.
- Collect a set of metrics and KPIs for our departmental use.
- Consider opportunities for AI to improve all of the above.

TECHNICAL QUALIFICATIONS
Strong familiarity and prior experience with:
- HTTP, PKI and signatures/encryption, SMTP, DNS, CWEs, CVEs, and other frameworks.
- Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei or other scanning tools.
- Web application scanning and web application firewalls.
- Containers.
- CIS benchmarks, STIGs, or other security hardening standards.

Additional desirable skills or experience:
- SAML, Kerberos, OAuth, OIDC, LDAP.
- PowerShell and Python.
- Jenkins.
- Splunk data onboarding: indexes, sourcetypes, data models, forwarders, apps, HECs.
- Azure Event Hubs, Kafka, syslog.
- Sentinel, Defender, CrowdStrike, or other EDRs.

GENERAL QUALIFICATIONS
- Able to research independently using available sources, collect data, then document a clear plan of action.
- Systematic thinking and troubleshooting.
- Able to create clear and detailed documentation of designs and processes for a diverse technical audience.
- Provide clear and concise communication of requirements, priorities, and status.

EDUCATION REQUIREMENTS
Bachelor's Degree in Information Technology or related field is considered a plus, not mandatory.