Information Security Analyst

Acquia empowers the world’s most ambitious brands to create digital customer experiences that matter. With open source Drupal at its core, the Acquia Digital Experience Platform (DXP) enables marketers, developers, and IT operations teams at thousands of global organizations to rapidly compose and deploy digital products and services that engage customers, enhance conversions, and help businesses stand out.

Headquartered in the U.S., Acquia has been named a top software company by The Software Report and rated a leader by the analyst community. Acquia’s India office is a Great Place to Work certified organization. We are Acquia. We are building for the future and we want you to be a part of it!

Role Summary:

Acquia’s global Information Security team is seeking an Information Security Analyst to work in our Pune, India office. In this role, you will perform forensic log analysis, security event monitoring, threat intelligence, and related activities.

You think like a hacker would, anticipating the moves and tactics that hackers would use to try and gain unauthorized access to Acquia systems. You stay current on the latest developments in security and exploits against cloud-based products. Your newspaper of choice is ‘The hacker news’.

Responsibilities include, but are not limited to:

• Perform security alert and event monitoring across all levels of the Acquia Platform.
• Security alert ticket triage and investigation, through to ticket closure.
• Complete essential daily analysis tasks to help ensure Acquia’s sites and infrastructure are safe.
• Perform daily review of anti-virus alerts across Acquia’s endpoints and internal network.
• Perform log analysis and related digital forensics.
• Perform weekly and monthly audit tasks for Acquia’s security compliance requirements.
• Analyse internal vulnerability reports and perform essential vulnerability management activities.
• Perform threat analysis of new CVEs, and track packages and software across the Acquia platform.
• Maintain a general knowledge of common security vulnerabilities, attack vectors, methods, and remediation techniques (DDOS, Man in the Middle, Brute Force, SQL Injections, Cross-Site Scripting, Cross-Site Forgery Request).
• Continue to develop your technical knowledge and skills to stay ahead of the threat.

Minimum Qualifications:

• 1-3.5 years prior experience working as a security analyst or part of a security operations center.
• Experience with continuous monitoring tools, such as SumoLogic, Splunk, ELK, or ArcSight is highly beneficial.
• Understanding of web technologies. ( HTTP, DNS, PKI and Networking ) is essential.
• Familiarity with one or more of the following a benefit; Linux, Apache, Nginx, Varnish, MySQL, PHP, Drupal and securing cloud based platforms (AWS).
• Good understanding of cloud security architecture and networking principles.
• Security qualifications such as CCNA, CISSP, CEH, OSCP and GCIH are beneficial.

Other Skills and Abilities:

• Desire to become a subject matter expert in the role, demonstrating a willingness to learn and a can do attitude.
• Takes on additional responsibilities to fill in the gaps. Owns deliverables, accountable for results. Recognizing when it's appropriate to jump in and own it, and also when to provide support and collaboration.
• Adopts a team approach, acknowledging and appreciating efforts, contributions, and compromises. Recognizes the common purpose of the team and respects team decisions.
• Ability to triage and track alerts and thoroughly communicate across a global team.
• Must be dependable, reliable, and able to work independently and as a member of a team.
• Strong problem-solving abilities, initiative, and ability to thrive under pressure.
• Excellent interpersonal and communication skills.

Individuals seeking employment at Acquia are considered without regard to race, color, religion, caste, creed, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. Whatever you answer will not be considered in the hiring process or thereafter.