Information Security Analyst

Security Analyst

Role: Security Analyst

Location: Pune (WFO)

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.

The Security Analyst assesses information risk and facilitates remediation of identified vulnerabilities with Smith & Nephew network, systems and applications. S/he reports on findings and recommendations for corrective action. In this capacity, this individual performs vulnerability assessments utilizing IT security tools and methodologies. This highly visible employee facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation and reports on findings. The Security Analyst maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. S/he provides weekly project status reports, including outstanding issues. In this role, this individual assists in all IT audits, IT risk assessments, and regulatory compliance. The role is shift-based Monday to Friday outside regular office hours and also includes an on-call component for weekends.

What will you be doing?

• (20%) Security Incidents – responsible for ownership from beginning to end (investigation, documentation, and remediation)
• (20%) Monitoring — including native consoles, security information and event management, correlation tools, and other analysis tools that watch for threats, vulnerabilities, or environmental changes that affect risk.
• (20%) Implementing or approving configuration changes on some platforms in conformance with change management and control, deploying patches for security products, providing input on the deployment of patches for non-security products, and making recommendations as to when out-of-cycle patches are required.
• (20%) Helping enforce enterprise security policies and developing security operations procedures.
• (15%) Incident Management - Liaising and integrating with other IT operations and service management processes (such as problem management and configuration management) as appropriate
• (5%) On Call for Security Incidents as needed.

What you will need to be successful?

• Education: Bachelor´s degree or equivalent experience in Computer Science or related subject preferred.
• Licenses/ Certifications: PCNSA or PCNSE certification preferred 
• Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred.
• SANS-related certifications Education
• Experience: At least 2 years of experience in IT information security role.
• This role will be based in Pune and will be working from office.
• 2+ years of experience as an Information Security Administrator or Engineer.
• Strong understanding of mitigating security controls (i.e., anti-virus, IPS/IDS, email filtering, web site blocking, patching) and how they work in an overall defence in-depth risk assessment methodology.
• Experience with vulnerability management and risk assessment. Knowledge of cyber security standard frameworks such as ISO and NIST.
• Understanding of network infrastructure, including firewalls, web proxy and/or email architecture- particularly as they apply in a mitigating control functionality.
• Experience with different cloud computing platforms and the cloud security framework. Excellent customer service skills and problem resolution. Experience in being able to manage and prioritize multiple tasks in an effective manner.
• Ability to work independently without daily direction. Understanding of back-channels typically used by actors for malicious activity. Understanding of obfuscation techniques and best practices for ensuring device non-attribution.
• Understanding of one or more Technology Platforms (Windows, Linux, Middleware Applications, Database Applications) - specifically as they apply to successful security control mitigation and particularly to vulnerability management.
• Understanding of distributed denial of service attack intelligence gathering, concepts, mitigation tools, and techniques.
• Understanding of mobility security device and application risk and threat assessment. Understanding of nation and non-nation state actors, hacktivist groups, advanced threats, and the "kill chain" methodology. Familiarity with secure coding best practices.

You. Unlimited.

We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve.

Inclusion + Belonging - Committed to Welcoming, Celebrating and Thriving. Learn more about our Employee Inclusion Groups on our website https://www.smith-nephew.com/

Other reasons why you will love it here!

• Your Future: Major Medical coverage + Policy exclusions and insurance non-medical limit. Educational Assistance.
• Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.
• Your Wellbeing: Parents / Parents in Law’s Insurance, Employee Assistance Program, Parental Leave.
• Flexibility: Hybrid Work Model (For most professional roles)
• Training: Hands-On, Team-Customized, Mentorship
• Extra Perks: Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift. Night Shift Allowances.

#YS1

Stay connected by joining our Talent Community.

We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.  

Check us out on Glassdoor for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.

Explore our website and learn more about our mission, our team, and the opportunities we offer. 

Experience Level

Mid Level