Senior Information Security Analyst

About Policybazaar.com –

We believe in insurance for all, and we drive it through unbiased information and time-efficient processes for all Indian customers. As Indias largest insurance brokers, we consider it our responsibility to be every Indian customers one-stop portal for protection against death, disease and disability as well as for mindful investment planning. We understand customers; anxiety about claim settlement, so we offer 24x7 online support, on-ground support, as well and even host special claim samadhan events where stuck claims can be reopened and resolved instantly. Our mission, in keeping with IRDAI's inspiring vision, is Har Family Hogi Insured by 2047.

Companies – Paisabazaar.com, Docprime, QuickFixCars, Policybazaar.ae, Zphin

Visit policybazaar.com to know more about us.

JOB DESCRIPTION-SENIOR INFORMATION SECUIRTY ANALYST

What we are looking for in a candidate

● Interact with teams to develop understanding of Policybazaar’s security landscape/posture

● Execution of/support the team in techno compliance gap assessments against the below mentioned standards/guidelines: ISO 27001 , PCI DSS ,CERT-In , NIST-CSF

● Understanding/Implementing information security policies and processes in accordance with industry best practices

● Conducting vulnerability scans and penetration testing to identify security weaknesses across infrastructure and application landscape

● Documenting and reporting findings, including recommendations for remediation and liaising with internal stakeholders for closure

● Staying current with new attack vectors and tools, and incorporating them into testing procedures

● Collaborating with other teams to prioritize remediation efforts

Skills

● Proven work experience of 2-3 years in information security domain

● B.Tech or equivalent degree in Computer Science, Information Security or related field

● Excellent written and verbal communication skills

● Good understanding of technology risk assessment frameworks

● Ability to contribute individually, and as a part of team

● Knowledge of OWASP Top 10 is a must

● Knowledge of NIST CSF, MITRE ATT&CK is preferable

● Good to have technical security certifications like OSCP, PNPT, CRTP, or similar

● Experienced in DAST, SAST and Infra VAPTand infrastructure penetration testing techniques

● Experienced in penetration testing methodology and techniques

● Ability to identify security vulnerabilities and suggest appropriate mitigation steps

● Must have knowledge about the Cyber threat Intelligence and Source Code Review