Security Analyst

Job Description:

1. Vulnerability & Security Assessment:

• Perform Network Vulnerability Assessments (NVA) using approved vulnerability scanning tools.
• Coordinate and support VAPT / WAPT activities, including scope validation, scheduling, execution support, and retesting.
• Analyse scan results, validate false positives, and prioritise remediation based on risk.
• Track remediation actions, evidence, and closure status across projects.
• Maintain vulnerability metrics, trends, and security posture dashboards.

2. Identity & Access Management (IAM):

• Support implementation, configuration, operation, and maintenance of IAM platforms
• Perform Day-2 IAM operations, including:
• Authentication and access policy configuration
• Federation and SSO troubleshooting
• Certificate lifecycle management
• High availability, node health, and recovery support
• Support IAM integration with applications, APIs, and third-party identity providers.

3. Cryptographic Key Management:

• Operate and support Key Management Systems (KMS).
• Perform key lifecycle management, including:
• Key generation, rotation, archival, and destruction
• Access control and separation of duties
• Backup, restore, and failover procedures
• Support integration of Thales KMS with applications, databases, and cloud services.
• Ensure cryptographic operations align with security policies, compliance requirements, and customer expectations.
• Assist in troubleshooting encryption, decryption, and key access issues.

4. Customer & Stakeholder Security Support:

1. Respond to customer cybersecurity queries, including:
2. Security architecture explanations
3. IAM and encryption design justifications
4. Vulnerability and remediation clarifications
5. Compliance and assurance questions (e.g. ISO 27001, SOC 2, MAS TRM, IM8, PCI DSS where applicable)
6. Support security questionnaires, audits, and due-diligence assessments with clear and auditable responses.

5. Project Security Health & Reporting:

• Monitor and report on project and platform security health, including:
• o Vulnerability status and remediation progress
• o IAM and KMS operational risks
• o Open security issues and accepted risks
• Produce regular security health reports for management and project stakeholders.
• Maintain risk registers and track security action items.

6. Security Operations & Governance:

• Support security incident investigations involving IAM or cryptographic components.
• Ensure security controls are implemented in accordance with internal standards and customer contractual requirements.
• Maintain security documentation, SOPs, and operational runbooks.
• Support internal and external audits by providing technical evidence and walkthroughs.

Requirements:

Technical Skills:

• Hands-on experience with vulnerability scanning tools (e.g. Nessus, Qualys, Rapid7, OpenVAS).
• Strong understanding of network, system, and application security.
• Practical experience supporting IAM platforms, preferably IBM ISAM.
• Hands-on experience with key management systems.
• Knowledge of cryptographic concepts:
• Encryption at rest and in transit
• Key lifecycle management
• PKI, certificates, and TLS
• Familiarity with Linux systems and troubleshooting production security platforms.

Security & Compliance Knowledge:

• Familiarity with security frameworks and standards (ISO 27001/27002, NIST, CIS).
• Experience supporting customer security reviews and audits.
• Ability to translate technical security controls into risk-based explanations.

Soft Skills:

• Strong written and verbal communication skills.
• Comfortable engaging with customers, auditors, and internal engineering teams.
• Structured, detail-oriented approach to BAU security operations.
• Able to manage multiple security workstreams concurrently.

Nice-to-Have:

• Experience in regulated or government environments.
• Exposure to cloud security and cloud KMS integrations.
• Security certifications (CISSP, CISM, CCSP) or vendor IAM/KMS certifications.