Job Role: Information & Cyber Security Analyst
Qualification: Bachelor's degree in computer science, cybersecurity or related field.
Age Range:: 25 – 35 years
Minimum of 2-3 years post qualification experience. It is preferable that the ideal candidate possess experience in the Insurance Services Sector.
Job Objectives: Information & Cyber Security Analyst
Responsible for keeping data safe and assets protected across the organization by monitoring, reporting, and addressing actual and potential information security issues.
Job Responsibilities and Duties: Information & Cyber Security Analyst
- Install security measures and operate software to protect systems and information infrastructure including firewalls and data encryption programs.
- Monitor computer networks for security issues, investigate and document security breaches and other cybersecurity incidents.
- Perform Vulnerability Assessments and Penetration tests (VAPT) and uncover server & network vulnerabilities and monitor the implementation of remediation action plans for vulnerability management; follow-up with relevant stakeholders responsible for performing the actions.
- Conduct application security/penetration tests of internal/external web, mobile and web service applications, leveraging both manual techniques and automated tools and report identified vulnerabilities.
- Research security enhancements and make recommendations to management and develop organization-wide best practices for IT security.
- Promote a culture of information security and raise awareness and stay current on IT security trends and news.
- Information / Cyber Security certifications such as CISSP, CISA, CISM,CEH, OSCP, ECSA, GCIA and GWAPT are an added advantage.
- Experience in information security or related field.
- Experience in conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, APIs, platforms to find flaws and exploits.
- Experience with vulnerability assessment tools and penetration testing techniques.
- Good understanding of cyber security risks associated with various technologies and ways to manage them.
- Understanding patch management with the ability to deploy patches in a timely manner while understanding business impact.
- Understanding of secure coding practices, firewalls, proxies, SIEM, antivirus, IDS/IPS concepts, network and web related protocols/technologies.
- Verbal & Written communication skills, including presentation skills with an ability to communicate with a range of technical and non-technical team members and other relevant individuals.