Information Security Analyst

Job Description:

Petrolink is a global company that specializes in user-driven technology for the Oil and Gas Industry. We are currently looking for a new Information Security Analyst to join our team.

We are seeking an experienced and highly skilled Information Security Analyst to join our organization. As an Information Security Analyst, you will be responsible for ensuring the confidentiality, integrity, and availability of our organization’s information assets. You will play a crucial role in identifying and mitigating security risks, implementing effective security measures, and ensuring compliance with industry best practices and regulatory requirements.

Responsibilities:

• Conduct regular security assessments and vulnerability scans to identify potential weaknesses or security breaches.
• Analyze security alerts and logs to detect and investigate potential security incidents.
• Develop and maintain information security policies, procedures, and standards to ensure compliance with industry regulations and best practices.
• Implement and manage security controls, including firewalls, intrusion detection and prevention systems, encryption mechanisms, and access controls.
• Monitor and respond to security incidents, conducting thorough investigations and implementing appropriate remediation measures.
• Conduct security awareness and training programs for employees to promote a culture of security awareness and compliance.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry trends to proactively address potential risks.
• Collaborate with cross-functional teams to ensure security is integrated into the design and development of systems, applications, and infrastructure.
• Perform risk assessments and provide recommendations for improving the security posture of the organization.
• Assist in the development and implementation of disaster recovery and business continuity plans.
• Works with internal customers to interpret/clarify/implement security requirements and any changes in the current security practice.
• Continuous improvement of the security defence capabilities.
• All other duties as assigned.
• Proficiency in performing security assessments and audits to identify vulnerabilities and recommend remediation measures.
• Strong knowledge of network protocols, including TCP/IP, DNS, DHCP, HTTP, SSL/TLS, and VPN.
• Experience with security incident response, including incident detection, containment, eradication, and recovery.
• Familiarity with security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
• Understanding of web application security, including common vulnerabilities (OWASP Top 10) and secure coding practices.
• Proficient in log analysis and monitoring tools to detect and respond to security events.
• Experience with data encryption technologies, such as disk encryption, file-level encryption, and data-at-rest encryption.
• Familiarity with secure configuration and hardening of various operating systems, databases, and network devices.
• Ability to conduct digital forensics and incident investigation to identify the root cause and impact of security incidents.
• Experience in utilizing common SIEM (Security Information and Event Management) tools such as Splunk, Sentinel, or QRadar to collect, analyze, and correlate security logs and events.
• Experience with vulnerability scanning tools, such as Nessus, Qualys, or Rapid7, to identify and assess security vulnerabilities in systems, networks, and applications.
• Knowledge of cloud security principles and experience working with cloud platforms, particularly Microsoft Azure, including familiarity with Azure Active Directory (Azure AD) and its security features.
• Understanding of Active Directory (AD) and its security configurations, including group policies, permissions, and authentication mechanisms.
• Proficiency in securing web applications and familiarity with common web application vulnerabilities, such as cross-site scripting (XSS), SQL injection, and session hijacking.
• Knowledge of secure network architecture design principles, including network segmentation, DMZ configuration, and secure remote access.
• Familiarity with identity and access management (IAM) concepts, including user provisioning, role-based access control (RBAC), and multi-factor authentication (MFA).
• Strong analytical and problem-solving skills with the ability to quickly identify and resolve security issues.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels of the organization.
• Up-to-date knowledge of emerging security threats and trends.
• Understanding of risk management principles and methodologies.
• Working experience in ITSM ticketing tools is an added advantage.

Qualification :

• Bachelor’s degree in computer science, or equivalent work experience.
• Minimum 2 Years working experience as an Information Security Analyst or in a similar role.
• Security certification like Security+, CCNA Security, CCNP Security, GIAC, CompTIA, CEH, CHFI or similar (desirable).

Please read the privacy notice for job applicants here : https://www.petrolink.com/privacy-notice-job-applicants/

Petrolink Offer a Competitive Total Remuneration Package.

Closing Date for Applications 31^st October 2023.