Job Description
We are seeking an Information Security Engineer / Analyst with 3–5 years of experience protecting enterprise systems and data. The ideal candidate will bring expertise in firewalls, IPS/IDS, vulnerability management, incident response, and risk assessment, along with strong scripting skills and knowledge of security frameworks such as NIST, CIS, and SOC 2. This role is critical to ensuring the confidentiality, integrity, and availability of organizational information assets.
Key Responsibilities
Administer, monitor, and optimize firewalls, IPS/IDS, and other security appliances.
Conduct vulnerability management and oversee remediation activities.
Perform incident response, including investigation, containment, and recovery.
Execute risk assessments and security assessments across systems and applications.
Develop and maintain security architecture and system administration standards.
Implement and tune SIEM (Security Information and Event Management) solutions and log management systems.
Manage cloud security configurations, encryption controls, and secure DevOps practices.
Support change management and configuration management processes.
Script in PowerShell, Python, or VBScript to automate security monitoring and remediation.
Ensure compliance with control frameworks including NIST, CIS, and SOC 2.
Mandatory Skills
Strong knowledge of firewall administration, IPS/IDS, and vulnerability management.
Hands-on experience with incident response and risk assessment processes.
Proficiency in PowerShell, Python, or VBScript scripting for automation.
Experience with security architecture and security administration.
Familiarity with DevOps practices in a secure environment.
Desirable Skills
Experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight) and log management.
Knowledge of cloud security principles (Azure, AWS, or GCP).
Experience with encryption technologies and key management.
Familiarity with change management and configuration management tools.
Working knowledge of compliance and control frameworks: NIST, CIS, SOC 2.
Exposure to penetration testing or advanced security assessments.
Information Security Analyst • Chicago, IL, US