Security Analyst Job in Keka Software Company

A mid-level Security Engineer typically possesses a solid understanding of information security principles and technologies. Here are some key capabilities they may have: 1. Security Infrastructure: Mid-level Security Engineers are proficient in implementing and managing security infrastructure components, such as firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs). They have knowledge of network protocols, encryption methods, and access control mechanisms. 2. Vulnerability Assessment and Penetration Testing: They have experience in conducting vulnerability assessments and penetration testing to identify weaknesses in systems and networks. They can use tools and techniques to assess vulnerabilities and recommend remediation measures. 3. Incident Response: Mid-level Security Engineers can participate in incident response activities, such as investigating security incidents, analyzing security logs, and containing and mitigating security breaches. They may collaborate with incident response teams to restore systems and develop incident response plans. 4. Security Policies and Procedures: They are familiar with developing and implementing security policies, standards, and procedures to ensure compliance with industry regulations and best practices. They may assist in creating security awareness programs for employees. 5. Security Monitoring and SIEM: They have knowledge of security monitoring tools and security information and event management (SIEM) systems. They can analyze security logs, detect and respond to security incidents, and generate reports to track security incidents and trends. 6. Identity and Access Management: Mid-level Security Engineers are capable of managing user access to systems, applications, and data. They understand concepts like role-based access control (RBAC), multi-factor authentication (MFA), and identity federation. 7. Security Audits and Compliance: They can participate in security audits to assess compliance with relevant security standards, regulations, and frameworks. They assist in remediation efforts and maintaining documentation for compliance purposes. Security Awareness and Training: They can contribute to security awareness programs and deliver training sessions to educate employees about security best practices, social engineering risks, and data protection measures. Bachelor's degree in Computer Science, Information Security, or a related field. 3-5 years of experience in information security or a similar role. In-depth knowledge of security principles, technologies, and best practices. Proficiency in implementing and managing security infrastructure components. Experience with vulnerability assessment and penetration testing tools and methodologies. Familiarity with security monitoring tools and SIEM systems. Strong understanding of network protocols, encryption methods, and access control mechanisms. Knowledge of industry regulations and compliance frameworks (e.g., ISO, SOC2, GDPR). Excellent problem-solving and analytical skills. Effective communication and collaboration abilities. Relevant certifications such as CISSP, CISM, or CEH are a plus.