We are now looking for an Information and Communication Technology (ICT) Security Analyst. In this role, you will ensure proper protection of information assets, accessed through the Ericsson IT environment. You will be a key player by providing IT security operations, expertise, support and solutions, based on the IT Security requirements and enabling compliance with applicable internal /external requirements, laws, regulations and standards.
This person will be responsible for conducting a Technical Security assessment (vulnerability Management, Application Assessment and Penetration Testing), a program designed for portfolio of all platforms\applications that are provided on premises/cloud. This role will be a key contributor in establishing IT Security strategic direction and ensuring alignment with Company strategic business direction. This position requires a broad knowledge of security technologies, processes and strategies and Demonstrated knowledge of Vulnerability Management and Penetration testing is also required.
- To perform of IT security Operations (24 x 7, 365 days per year) and ensure that Operational objectives are achieved.
- Good knowledge about process / metrics and IT Security Controls. Ability to create new process and reporting matrices as and when required
- Responsible to execute Ericsson IT Security requirements.
- Perform vulnerability Management, Application Assessments & Penetration testing across platform & applications.
- Well verse with OWASP Top 10 requirements
- Technical contact/lead within the Vulnerability Management Segment.
- Assists in translating operational/business requirements into technical requirements
- Analyze the output from vulnerability assessments, classify and rank risks.
- Interface with other Business units/functions/stake holders concerning Scanners/technical issues.
- Recommending break fixes for identified vulnerabilities
- Reporting and statistics
- Co-ordinating with teams on closure of identified Vulnerabilities
- Analyze and contextualize threat intelligence feeds (zero-day vulnerabilities, malware, etc.) and provide applicable solutions to implement protective controls and/or countermeasures
- Develop and execute continuous improvement plan to optimize and improve efficiency of various cyber defense technologies.
- Perform routine security functions for risk detection, prevention, and response
- Demonstrate technical skills in security architecture review, secure network design review, gap analysis and opportunity to fine-time and/or integrate security technologies
- Experience in IT Security and risk management. IT Security related certification like CEH and OSCP certification is an added advantage.
- Knowledge of Tenable/Nessus, Qualys, HP Web Inspect, IBM AppScan, PT Tools
- Good administration and troubleshooting skills on two or more technologies mentioned above would be desired
- Exposure to Windows, Linux and Open Source Intelligence
- Excellent technical documentation skills
- Extensive knowledge in Security risk assessment. Implementation of solutions
- Learning and Researching
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Défense-in-Depth)
- Knowledge of Vulnerability Assessment tools like Nessus Security Center, Nessus Scanner, Qualys. Etc.
- Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit, Web application scanning tools like IBM AppScan, etc.)
- Knowledge of programming language structures and logic
- Knowledge of system and application security threats and vulnerabilities
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)
- Knowledge of systems diagnostic tools and fault identification techniques
- Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
- Skill in applying host/network access controls (e.g., access control list)
- Skill in assessing the robustness of security systems and designs
- Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Education: BE or any bachelor’s degree
- Total 8 to 10 years of experience with at least 7+ years of experience in IT Security Assessments
- Ability to work at odd hours
- Interested in Technology and Communication.
- Good documentation skills
- The ability to work constructively under pressure.
- Flexibility and ability to work both in a team as well as individually.
- Excellent communication skills
- Communication and people skills, as the role involves extensive interaction with internal and external partners
- Analytical skill
- Experience with regulatory requirements such as e.g. SOX, information security or IT security standards, Ericsson steering documents
- In-depth and working knowledge of ISO 27002 controls and how they should be implemented to secure Ericsson’s information technology environments