Job Title :Information Security Analyst

Location: Mumbai

Time Zone: North America

1            Job Description

1.1                         Overview

DNEG’s Information Security (InfoSec) team has the requirement to add an Information Security Analyst to the existing global team. The Information Security Analyst position will provide essential support and assistance to the global InfoSec team and colleagues alike.

The role will be that of an InfoSec generalist with a strong foundation in technical competencies, however, the position will also be required to assist with the numerous demands that are made on the InfoSec team’s GRC (Governance, Risk and Compliance) function such as assisting with internal and external (client) audits.

1.2                        Mandatory Requirements and Expectations

The requirement to recruit an Information Security Analyst is centered around enhancing the InfoSec function’s capabilities to meet the company’s diverse assurance and compliance requirements, and to work in close collaboration with the various InfoSec teams, and to act as a support bridge between internal IT department(s) and colleagues.

A brief overview of the mandatory requirements is listed below.

●       Demonstrable experience of working in a multi-disciplinary technical role.

●       Be able to work both proactively, independently and partner with other internal teams as and when required.

●       Be a strong team player and possess a positive and professional manner.

●       Possess excellent interpersonal skills.

●       Have excellent written communication and documentation skills.

●       Experience of working within a dynamic and technically diverse environment.

●       Familiarity with security incident response processes and procedures.

2           Duties and Operational Responsibilities

●       Monitor, detect, investigate, and triage issues that might compromise the confidentiality and integrity of the company’s systems and services using a variety of InfoSec services and tools.

●       Assist with documenting InfoSec technical and procedural documentation which will assist with further maturing and streamlining existing workflows.

●       Work in close partnership and collaborate with peers, internal/external technical teams, and various departments across the company.

●       Manage remediation of relevant, reported and detected InfoSec findings that have been raised by global IT teams and colleagues alike.

●       Assist with the management and maintenance of the BAU requirements of the vulnerability assurance program.

o        Analyzing vulnerability assessments and running ad-hoc scans when required.

o        Manage remediation of findings with IT teams that are responsible for the infrastructure and end user support.

●       Work closely with the InfoSec project management (PM) function to provide artefacts and technical information as and when required to do so.

3           Requirements

3.1                        Job Requirements

A successful candidate will meet most and be able to demonstrate suitable experience to each of the following requirements.

●       5 to 8 years, plus/minus, of working either in a SOC/Security Operations role or within a suitable technical capacity would be highly beneficial.

●       Experience and/or knowledge of cybersecurity operations, incident response (IR) management, processes and procedures and investigations would be highly beneficial.

●       Experience and/or demonstrable, technical knowledge, of the following is highly desirable:

o         Network Security: Firewalls, IDS/IPS, Proxy Servers, Email and Web Content Filters.

o         Endpoint Security: Anti-Virus/Malware Mitigation (EPP), both traditional and XDR EPP solutions.

o        Access Control Concepts and Application.

o         Operating Systems: MS Windows (Client and Server O/S); multiple LINUX distributions, Mac OSX

●       Experience and/or demonstrable, technical knowledge, application, and experience with the following would be highly beneficial.:

o        Security data analytics and reporting.

o        SIEM, security data aggregation and correlation knowledge.

●       Experience and/or demonstrable understanding of working with the following Information Security frameworks would be highly beneficial.:

o        CIS

o        NIST

●       Knowledge and experience of working with mobile O/S’s and applying security controls such as MDM and MAM would be highly beneficial.

●       Knowledge and experience of BYOD and remote (WFH) working.

●       Experience and demonstrable knowledge of identity management systems would be highly beneficial.

●       Working knowledge and experience of using vulnerability assurance management toolsets and service would be highly beneficial.

●       Working knowledge and experience of network and application penetration testing methodologies and practice would be highly beneficial.

●       Willingness to assist in enhancing and maturing existing InfoSec technologies that are utilized across the InfoSec team.

●       Knowledge of privacy compliance and privacy frameworks and their applicability to a SecOps function e.g. GDPR, would be desirable.

●       Working knowledge and experience of Cloud Security (especially SaaS and PaaS), concepts and application would be highly beneficial.

●       Demonstrate experience of working within an ITIL framework and familiar with IT ticketing systems.

●       Highly motivated and bring a forward thinking and highly collaborative approach.

3.2                       Education

●       Certified Information Systems Security Professional (CISSP) required

●        A bachelor’s degree in IT or Computer Science would be desirable but is not essential.

●       Certified Ethical Hacker (CEH) and any IT certification/accreditation, such as a Cisco CCNA etc., would be desirable but is not essential.