Lead Security Analyst

Vulnerability Management Analyst IntroductionWe are seeking for a Vulnerability Management Analyst to support daily operations of our vulnerability assessment platform. This role involves executing scheduled scans, managing asset groupings, tracking remediation efforts, and generating dashboards and reports. The ideal candidate is detail-oriented, collaborative, and eager to grow in the cybersecurity and risk management field. Your Role And Responsibilities Execute scheduled and ad-hoc vulnerability scans, including discovery, compliance, and web application scans. Monitor scan schedules and ensure timely completion across in-scope systems and assets. Manage and update asset groupings, scan configurations, and scan credentials within the VA platform. Analyze scan findings, generate posture reports, and escalate critical issues based on defined SLAs. Support in generating weekly vulnerability dashboards and monthly executive summary reports. Track remediation activities in collaboration with server, network, and application teams; provide timely updates. Assist in agent deployment, configuration, and troubleshooting across supported assets. Conduct ad-hoc scanning requests from internal audit, risk, or operational teams and prepare tailored reports. Support documentation and SOPs related to scanning procedures, asset onboarding, and credential management. Contribute to audit readiness by maintaining accurate records of scans, findings, and remediation status. Collaborate with the SME and security teams in maintaining platform stability, versioning, and health. Preferred EducationBachelor's Degree ExperienceRequired technical and professional expertise Hands-on experience with VA platforms such as Qualys, Tenable, or Rapid7. Basic understanding of asset discovery, vulnerability scoring (CVSS), and common remediation strategies. Strong attention to detail and ability to track multiple remediation efforts across different teams. Soft Skills Strong analytical and problem-solving abilities with keen attention to detail. Preferred CertificationsPreferred technical and professional experience Tenable Certified Analyst or Qualys Certified Specialist or similar certifications GIAC Security Essentials (optional) Lead-Security Mgmt Company DescriptionThe purpose of this position is to ensure the safety and security of the company which includes but is not limited to employees, assets and information and reputation. This position shall also ensure all the global physical security, health and safety guidelines (including the client specific directives) at location. Job DescriptionSite(s) Security Management Implements the company's and customer's security and safety policies and procedures among employees, contractors, clients and other third parties. Ensures 99.9% uptime operation of the Security System (CCTV, Access Control and Intrusion Alarm) and Fire Safety System (Fire Alarm & Detection System, Fire Extinguishers, Emergency Lightings, Emergency Doors, FM200 and VESDA etc.) by: Completing the recommended maintenance requirements of the manufacturers, Perform Level 1 troubleshooting malfunctions and calling the vendors repairs. Coordinates preventive maintenance and repairs of safety devices in coordination with site facility team. Liaises with local law enforcement agency on Security issues and maintain site's security. Assists Geo Head – Security & Safety with all incident investigations and subsequent reports Assist Geo Head – Security & Safety in the security system design of new projects within AOR. Liaises with emergency and fire services as and when required Supervises the security guard force management, trainings and conducts regular security guard force performance review activities. Conducts a monthly internal compliance audit on specific Physical Security requirements of clients as per MSA or SOW. Conducts floor checks to identify security violations and lapses Collates the security and safety site reports on a daily / monthly basis Facilitates the NHO to promote security and safety awareness within the organization. Attends safety and security meeting for self-development. Health & Safety ManagementDesignated as Local Safety Officer, he / she will be working directly with the Global Health & Safety Manager in performing the following: Monitors the compliance of the site to company's OHS policy and procedures Conducts site's safety inspection and resolves immediately unsafe and unhealthy conditions Conducts incident investigation and ensures that the approved Corrective and Preventive Actions are implemented on timely-manner Conducts Safety Induction for all new outsource staff and vendors Qualifications Should be fluent in English and Tagalog College Graduate / Veteran of Armed Forces with at least 3 years' experience in the Security and Safety Working knowledge of computers and MS Office Preferred if Certified as a Security Professional Trained in First Aid and Emergency Management Additional InformationObjective of this position is to develop, implement, coordinate, maintain, and monitor enterprise-wide physical security and safety policies, procedures and guidelines for the protection of employees, information, assets and reputation of the organization. CNS GBC ACS Engagement Lead Security APJ Job DescriptionThe Security Consulting Engagement Lead drives security consulting sales and delivery with key accounts in APJ. Advising key accounts on their security strategy is an essential part of your role as well as to increase security consulting revenue via a business sense. Senior Security Consultant positioning security services and solutions in the respective markets, define business models, segmentation, and pricing. Advising Nokia's customer in regard to the security evolution, auditing or assessing the customer domains and finding the optimal transformation concepts. The Senior Security Consultant will contribute and update specific areas of the consulting portfolio / services, from conception to scale-up or sell-through. Senior Security consultants shall become an active part of the consulting and security community and improve methodologies and frameworks as well as participate in open knowledge sharing in the Nokia Cloud and Network Services (CNS) communities. How You Will Contribute And What You Will Learn Grow Asian Security Consulting Market: Identify and create new opportunities through consulting, customer relationship management, and cross-selling. Enhance Customer Satisfaction: Provide excellent insights into customer strategy and demand, improving security loyalty, brand perception, and reputation. Understand Customer Needs: Identify and interpret customers' security business needs. Develop Security Consulting Sales: Drive sales growth in the APJ region. Lead Security Consulting Portfolio: Take responsibility for the portfolio, drive customer engagements, and manage sales. Perform Security Reviews: Independently conduct security reviews of customer systems, applications, and integrations. Provide Recommendations & Solutions: Articulate findings to stakeholders, offer defensible recommendations, and negotiate remediation plans. Lead Consultative Engagements: Work with key customers to refine security consulting capabilities for maximum satisfaction and competitive differentiation. Contribute to Sales & Marketing: Create sales/marketing plans and collateral, including competitive analysis, presentations, whitepapers, case studies, and value proposition messages. Collaborate with Teams: Maintain close contact with sales, sales support, R&D, and supply chain teams. Key Skills And ExperienceYou have: Excellent insight into customer strategy and demand addressed by security advisories Ability and flexibility to develop and deliver presentations to a wide variety of audiences and to define and participate in conferences, trade shows Strong consulting skills to work with both, external and internal customers and suppliers including excellent written and verbal communications skills; ability to communicate technology strategy and architecture approach to engineers, sales, and customers High energy and willingness to work in a fast-paced and dynamic environment highly independent 7+ years of expertise in (telco) security area including industry certifications in the security space (CISSP, CISA, CEH or similar) incl. Knowledge of security technologies, devices and countermeasures as well as the risk & threats they are designed to counter It will be good if you also had: Knowledge and understanding of security controls across all security domains such as access management, encryptions, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc. Good grasp of NIST, PCI, ISO and SOC security guidance's and documents Information Security Lead JOB SUMMARY The Information Security Lead will play a critical role in shaping and executing our information security strategy. This role involves leading the development and enforcement of security policies, conducting risk assessments, overseeing incident response, and ensuring regulatory compliance. You will act as the champion for security across the organization, advocating for best practices while fostering a culture of security awareness. A mid-level management position in nature, this role will serve as the catalyst for a successful career in Operational Management for the right candidate. KEY DUTIES AND RESPONSIBILITIES Develop & Execute Security Strategy Collaborate with the Infrastructure Security team to design and implement an organization-wide security strategy that addresses both proactive and reactive measures to protect sensitive data and systems. Align the organization's overall business strategy with information security priorities in collaboration with key stakeholders. Develop clear, measurable security objectives that are aligned with business goals and regulatory requirements. Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI-DSS) and align security measures with regulatory requirements. Lead audits and ensure adherence to security frameworks such as ISO 27001, NIST, etc. Risk & Vulnerability Management Identify, assess, and mitigate security risks and vulnerabilities across the infrastructure. Lead regular risk assessments and recommend appropriate security controls. Create and maintain data flow maps to ensure all relevant risks are identified in internal systems. Conduct regular scans and assessments of infrastructure, applications, and networks to identify vulnerabilities. Utilize industry-standard tools (e.g., Nessus, Qualys, or custom scripts) to detect flaws in configurations, code, and infrastructure. Collaborate with IT, development, and relevant teams to address risks and vulnerabilities. Incident Response Drive investigations into breaches, coordinating with internal teams to mitigate damage and restore services. Prepare detailed incident reports including timeline, root cause, response actions, lessons learned, and follow-up activities. Work with relevant teams (e.g., IT, development) to eliminate threats and prevent recurrence. Communicate incident status and impact to key stakeholders (senior management, legal, compliance, etc.). Recommend improvements to detection, response time, and mitigation strategies. Conduct tabletop exercises and simulation drills to test the effectiveness of the Incident Response Plan (IRP). QUALIFICATIONS (Skills and Experience) Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience). Experience in information security with a focus on risk management, incident response, and compliance. Familiarity with security tools, firewalls, encryption, IDS/IPS, and vulnerability management. Expertise in security frameworks (e.g., ISO 27001, NIST, PCI-DSS). Hands-on experience with incident management, breach investigations, and response planning. Strong foundation in IT infrastructure, network, and security. Experience with cloud security (AWS, Azure, etc.), network security, and endpoint protection. Excellent communication skills to explain security concepts to both technical and non-technical audiences. Ability to lead and motivate teams while managing strategic and operational security tasks. Security certifications such as CC, CISSP, CISM, CISA, or similar are a plus. IT Security Lead As the IT Security Lead, you will be responsible for protecting the organization's digital assets and ensuring a strong security posture across all technology domains. You will collaborate closely with our SOC provider and internal teams to implement best practices, manage risks, and respond effectively to security incidents. Key Responsibilities Infrastructure Security Design security architecture and roadmaps for critical infrastructure. Oversee the deployment and management of security tools, including: Intrusion Prevention Systems (IPS) Security Information and Event Management (SIEM) Malware proxies Network and system access controls Firewalls Authentication mechanisms Enterprise monitoring solutions Network Security Partner with network teams to strengthen security across LANs, WANs, VPNs, routers, and wireless networks. Implement and maintain network and application firewalls to safeguard communications. AI Security Keep up to date with emerging AI-related security risks. Assess, monitor, and mitigate potential risks associated with AI technologies. BYOD Security Develop, implement, and enforce policies for Bring Your Own Device (BYOD). Ensure personal devices are securely integrated into the corporate environment. Risk Management Conduct regular risk assessments and create effective mitigation strategies. Collaborate with business stakeholders to identify, prioritize, and manage risks. Malware Protection Deploy and manage antivirus and anti-malware solutions. Continuously monitor and respond to virus and malware-related incidents. Security Awareness & Training Partner with vendors to design and deliver security awareness programs. Plan and execute phishing simulation campaigns to train employees in recognizing threats. Incident Monitoring & Response Communicate security risks and recommendations to senior leaders and stakeholders. Review, refine, and optimize SIEM alerts and systems. Contribute to enterprise vulnerability management. Lead or support incident response, escalation, and resolution efforts. Leadership & Guidance Provide mentorship and security guidance to junior CSIRT members and other business units. Strengthen the organization's forensic investigation capabilities while minimizing disruption to operations. Participate in endpoint forensic analysis and investigations. Application Security Lead Job Title: Application Security Lead Key Roles and Responsibilities Develops and implements cybersecurity strategies, policies, procedures, and incident response plans, ensuring alignment with organizational objectives and compliance with relevant standards and regulations. Supports the Head of Infrastructure and Security Management by overseeing the organization's overall cybersecurity posture and risk management initiatives. Conducts regular risk assessments, vulnerability scans, penetration testing, and incident monitoring, implementing appropriate controls and coordinating with internal teams to mitigate threats and manage recovery efforts. Manage security tools and systems, including firewalls, intrusion detection systems, SIEM, and VAPT tools, router and switch configurations Maintains logs, documents incident responses, and ensures cybersecurity incidents are properly recorded and reviewed. Collaborates with cross-functional teams (Systems, Networks, Application Development, Solutions Development) to embed security into systems and operations, approve system access changes, and communicate security risks and recommendations to stakeholders. Leads security awareness and education initiatives, delivering training programs on best practices, phishing prevention, evolving threats, and user responsibilities to employees and management. Reviews IT processes, business services, and infrastructure to ensure alignment with established security, compliance, and governance standards. Supports the Data Protection Officer (DPO) in the implementation of enterprise risk management initiatives and data protection measures. Develops and maintains risk management frameworks, including policies and procedures for business continuity, disaster recovery, and infrastructure security. Security Analyst The Security Analyst function protects the bank's information assets through continuous monitoring, incident response, threat detection, and control validation. It translates security policies into operational controls, manages vulnerabilities, performs threat hunting, and oversees attack surface management. The function also supports threat intelligence sharing and ensures alignment with regulatory requirements. Duties and Responsibilities: Monitor dashboards for asset inventory, user behavior, and unauthorized changes. Triage SIEM alerts and follow established playbooks for escalation. Policy & Documentation Support Assist in version control and review of infosec policies, procedures, and awareness materials. Maintain tracking for policy updates and training compliance. Third-Party & Firewall Review Maintain onboarding checklist for outsourced providers using BSP outsourcing criteria. Track and verify firewall rule changes and coordinate reviews with infrastructure teams. Gather logs from APIs, cloud IAM systems, and backend services to support security investigations. Monitor cloud activity for signs of abnormal access or misconfiguration. AppSec & KYC Support Perform baseline scans for lower-risk apps and assist in fixing findings with developers. Monitor onboarding and KYC behavior for fraud or identity anomalies. Coordination & Reporting Coordinate interviews during incident investigations, gather audit evidence, and maintain compliance reports. Track patch statuses, configuration changes, and alert resolutions across teams. Qualification: Bachelor's degree in Information Technology or Security, Cybersecurity, Computer Science, or equivalent. At Least 3 years in infrastructure/app security, ideally in fintech, banking, or SaaS environments. Proficient in AWS/GCP, Kubernetes, Terraform, CI/CD pipelines, network or network security, security operations, threat detection and hunting, and vulnerability management. Hands-on with Burp Suite, SIEM/SOAR tools. Scripting skills (Python, Bash, Go) for automation and tooling is a plus. #J-18808-Ljbffr