REQ12488 Senior Analyst, Information Security (Open Date: 12/02/2025)

POSITION SUMMARY:

The Senior Analyst, Information Security drives the security architecture and technology review in order to identify potential risks. Evaluates the organization’s security postures in order to provide recommendation to the management team. Configures and troubleshoots security tools according to the company policy and best practices.

Additionally carries out Penetration Testing and vulnerability management activities that include planning, coordinating executing and reporting on sophisticated ethical hacking and penetration testing scenarios that simulate the tactics, techniques, and procedures of a variety of threat actors. 

PRIMARY RESPONSIBILITIES:

Assists in strategic information security planning, based on industry-standard best practices to achieve business goals by prioritizing defence initiatives and coordinating the evaluation, deployment, and management of current and future information security technologiesAdministers cyber security tools on premise and cloud, such as DLP, Web Security Gateway, Vulnerability Management, Server Policy Compliance Management, PIM/PAM, IAM, Endpoint Management, AV, EDR, APT, CASB, Email Security etcParticipates in evaluating, planning, and implementing of new cybersecurity technologies and systemsCreates, identifies, and enhances processes that may leverage new or existing technologies to improve protection or reduce riskPerforms periodic and on-demand system audits and vulnerability assessmentsParticipates in developing, implementing, and assessing data security procedures and controls to ensure compliance with applicable regulatory and legal requirements, such as SOX, and ISO27001, GDPRParticipates in maintaining information security and risk management policies, procedures, and technical standards to support corporate objectivesRemain informed on current standards, trends, and issues in the information security industryCarries out Vulnerability Assessment and Penetration Testing to identify any weaknesses.Assists in developing a cyber-threat & vulnerability management strategy relating to Network & application penetration testing and other security assessmentsAligns vulnerability management and penetration testing functions with the organization’s overall business objectives by reducing information technology’s exposure to vulnerabilities.Assists in managing penetration testing processes and procedures and produce meaningful metrics and reportsAssists in managing remediation including mentoring vulnerability management and penetration testers in working with Information Technology to architect solutions

QUALIFICATIONS

Experience

Minimum 5 years of hands-on experience with security tools such as DLP, Web Security Gateway, Vulnerability Management, Server Policy Compliance Management, PIM/PAM, IAM, Endpoint Management, AV, EDR, APT, CASB, Email Security etcMinimum 2 years of experience preferred in one or more following area:Penetration testing (black box/white box)Application penetration test and Source code reviewsSecurity testing of web-based applicationsMobile Application Penetration Testing (Android, IOS, Windows Mobile)Cloud, Network, Wireless Network, and Infrastructure Penetration TestingExperience with multiple operating systems security: Windows Servers and Clients, Linux, and UnixSolid understanding of network design, architecture, OSI model and TCP/IPExposure to Cloud computingKnowledge of Web and application-based securityKnowledge of encryption, such as PKI, SSL/TLS, Data at Rest

Education

Bachelor’s degree in management information system, Computer Science, or related disciplines.Security tools technical certificates from vendorsCertification in Information Security (e.g., CISSP, CISM, CISA, CCSP etc) is highly desirableCertification in penetration testing such as Certified Ethical Hacker (CEH) or GIAC (Global Information Assurance Certification) or Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) will be considered as an advantage

Skills / Competencies

Good communication skill on report writing and presentationAble to work independently and cope with result-oriented demandEffective organizational and time management skills requiredWell organized and detail-oriented on delivering the assigned taskCommit and strong sense of responsibility to the role and the teamAbility to identify, analyse and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organizationStrong analytical skills/problem solving/conceptual thinking

PERSONAL COMPETENCIES:

Displays a high commitment to delivering resultsCommunicates effectivelyAchieves agreed objectives and accepts accountability for resultsDisplays the highest level of integrityAbility to maintain discretionSelf-motivatedApproachable