Information Security Analyst

Job Overview:
The Information Security Analyst will be responsible for protecting IFZA's information systems by identifying, assessing, and mitigating security risks. This role involves monitoring, analyzing, and responding to security incidents, implementing security measures, and ensuring compliance with industry standards and regulations. The ideal candidate is proactive, detail-oriented, and possesses strong technical and analytical skills.

Main Responsibilities:

• Threat Monitoring and Incident Response:
  

• Monitor network traffic and security alerts for potential threats using SIEM tools (e.g., Microsoft Sentinel).
  

• Investigate and respond to security incidents, including malware infections, phishing attacks, and unauthorized access.
  

• Conduct root cause analysis and document incident reports with remediation recommendations.
  

• Risk Assessment and Vulnerability Management:
  

• Perform regular vulnerability scans and penetration testing to identify weaknesses in systems and applications.
  

• Collaborate with IT teams to prioritize and remediate vulnerabilities.
  

• Conduct risk assessments to evaluate potential security threats and recommend mitigation strategies.
  

• Security Policy and Compliance:
  

• Implement, and enforce security policies, procedures, and standards in alignment with frameworks such as NIST, ISO 27001, or GDPR.
  

• Ensure compliance with regulatory requirements and industry’s best practices.
  

• Assist in preparing for and responding to internal and external audits.
  

• Security Awareness and Training:
  

• Conduct security awareness training for employees to promote best practices (e.g., password management, phishing prevention).
  

• Create and distribute educational materials on emerging cyber threats.
  

• System and Network Security:
  

• Configure and manage security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection solutions.
  

• Implement and monitor encryption, authentication, and access control mechanisms.
  

• Threat Intelligence and Research:
  

• Stay updated on the latest cyber threats, vulnerabilities, and attack vectors.
  

• Analyze threat intelligence reports and apply findings to enhance organizational security posture.
  
  
  
  

• Bachelor’s in Engineering, Computer Science, or related field.
  
• 8+ years of experience in Information Security.
  
• Minimum 3 + years hands-on experience in SOC, blue-team, or security engineering roles.
  
• Proven expertise with Microsoft Sentinel, Microsoft Defender, Incident management, Compromised recovery, patch management and vulnerability management platform.
  
• Solid grasp of TCP/IP, Windows/Linux internals, AWS/Azure security primitives.
  
• Scripting for automation (Python, Bash, or PowerShell).
  
• Familiarity with MITRE ATTACK mapping and threat-hunting methodology.
  
• CompTIA Security+, CEH, GRC, CCNA or CCNP - Security.
  
• Analytical mindset with strong investigation and documentation discipline.
  
• Clear verbal/written communication for incident briefings and executive reports.
  
• Ability to multitask and stay calm under pressure.
  
• Experience with Zero Trust architecture projects.
  
• Knowledge of privacy regulations (GDPR, HIPAA, PDPA).
  
• Exposure to DevSecOps.
  
  
  

• International team (over 60 nationalities)
  
• 24 working days as annual leave
  
• Annual flight home
  
• Life insurance plan
  
• Medical insurance plan (with the option to upgrade at your own cost)