The Associate Information Security Services Analyst is responsible for supporting with the planning, implementation, and management of information security measures to safeguard the organization's digital assets and systems and contributes to maintaining a secure and compliant environment.

Key responsibilities:

Plans, executes and manages complex penetration testing engagements on various IT assets, including networks, applications and databases.

Conducts simulated cyber-attacks, including social engineering, to identify vulnerabilities and assesses the organization's resilience to cyber threats.

Performs penetration tests against internal and external facing systems.

Analyses and interprets penetration test results and provides detailed reports to relevant stakeholders.

Provides input to improve the quality and effectiveness of tests in a highly scaled and global environment.

Articulates complex technical risks through creation of reports and delivering presentations to key stakeholders.

Works with Security DevOps teams to test the orchestration and automation processes and platforms, feed results into a testing program.

Supports the assessment risk and the development and/or recommends appropriate mitigation countermeasures based on empirical testing.

Provides comprehensive technical expertise with web, application and database vulnerability testing.

Supports the development of the security automation framework and the implementation roadmap.

Provides actionable security recommendations and mitigation strategies to address identified vulnerabilities.

Ensures that penetration testing activities align with relevant industry standards, compliance regulations, and best practices.

Contributes to any security awareness training and education programs to promote a culture of cybersecurity within the

organization.

Stays up to date with the latest cybersecurity threats, attack vectors, and defensive technologies to continuously improve

To thrive in this role, you need to have:

Good communication skills to effectively convey technical information to non-technical stakeholders.

Good analytical thinking and problem-solving skills to prevent hacking on a network.

Ability to identify and mitigate network vulnerabilities and explain how to avoid them.

Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts.

Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact.

Some proficiency with MAC and OS.

Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR).

Basic understanding of network and system architecture, protocols, and security controls.

Ability to analyze security incidents and assess potential risks.

Ability to work both independently and collaboratively in a fast-paced environment.

Academic qualifications and certifications:

Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related.

Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) are advantageous.

Required experience:

A minimum of 6 months demonstrated experience in information security or cybersecurity, or related roles.

Entry level demonstrated experience working in a global IT organization.

Entry level demonstrated experience with computer network penetration testing and techniques.

Entry level demonstrated experience with security assessment and vulnerability scanning tools