Information Security Analyst - IT/End User Protection

Information Security Analyst - IT / End User Protection - India

A quick snapshot…

Aptos develops and maintains retail software for around 1000 global brands. To support growth in the Company, the Information security team now needs to expand globally. This is a newly created role and you will be relied upon for many local processes as well as administrative capabilities for the Information Security Team within the Corp IT environment. 

Here’s what you’ll do…

• Assist with the rollout, alerting and responding to Microsoft E5 cloud security tools - Defender/DLP/CASB etc
• Be responsible for approximately 250 local end users and their devices
• Validate IT asset inventories
• Work with Corporate IT team to ensure vulnerability management and logging tools are fully deployed
• Support day to day operations & management of security solutions
• Work with end users to remediate vulnerabilities across multiple regions and time zones
• Organisation and (or) management of penetration testing and remediation
• Monitor and respond to alerts across the organisation
• Identification of scope, deployment and utilization of security tool sets. Recommendations of activities to get better value for money out of these tools (experience with Carbon Black, McAfee, Fortinet and/ or Qualys query writing a bonus)
• Administration of password management tools to ensure minimum privileges yet availability is consistent with agreed scope.
• Using SIEM tools – Monitoring, responding to and triaging security alarms within both cloud and endpoint environments
• Initiating ingest/parsing data to an MSSP and working to build playbooks
• Evaluate as-is systems controls to help identify security posture & performance improvement opportunities
• Analyse vulnerability data and work with relevant stakeholders to prioritise and remediate identified vulnerabilities – this is critical
• CIS policy hardening benchmark management - with Corp IT Infrastructure and endpoints
• Contribute to team's ability to understand, quantify, prioritise and mitigate risk
• Experience of conducting internal penetration tests (nice to have)
• Risk assessment
• Assistance with 3rd party vendor assessment
• Assist with security communications program and the development of training and awareness programs
• Data classification and tagging, implementing a new DLP/CASB/SASE solution
• Assist with development and testing of BCP/DR plans
• Reporting of project/BAU status to management
• Responding on a rota basis to 24 hour security incidents

#LI-SP1