Job Title: Senior Security Analyst
Experience Level:
Mid / Senior (5–9 years)
Locations: Hyderabad, Mohali, Kochi
Position: Fulltime
Summary of role
The Senior Security Analyst is accountable for the day-to-day execution of CFCO’s Information Security Management System (ISMS), spanning both technical security assessment and governance, risk and compliance (GRC) activities. The role plays a central operational part in maintaining ISO 27001 certification, running the continuous vulnerability assessment programme, and supporting the broader security operations capability across CFCO and FMG.
Core activities
Technical Security Assessment
Manage continuous vulnerability scanning across infrastructure, user identities, and source code using Tenable One, GitHub Enterprise, and Qodo, ensuring scan coverage is maintained and findings are validated.
Triage identified vulnerabilities, raise and manage security issues in Jira, assign risk levels, and drive remediation with platform and system owners through to closure.
Coordinate the annual external red-team penetration testing engagement — including scoping, vendor liaison, evidence handover, finding management, and post-engagement remediation tracking.
Operate the simulated phishing programme through the KnowBe4 platform, covering quarterly campaign design, results analysis, identification of at-risk users, and delivery of targeted follow-up training.
Perform first-line triage and investigation of security incidents captured from automated monitoring, manual checks, and user-reported events, working with the Infrastructure and Security Manager on response actions and root cause analysis.
Conduct security configuration reviews against the ISMS Secure Configuration, Cryptography, Access Control, Infrastructure Security, and Secure Development standards, and recommend remediation actions.
Support the planned SIEM/SOC transition (Immortal Cyber via CFAL), including integration testing, alert tuning, and runbook validation ahead of FY27 cutover.
Assess emerging AI-related security risks (data confidentiality and AI-enabled threats) and contribute to the formalisation and enforcement of the AI acceptable use policy.
Governance, Risk and Compliance
Support the maintenance of ISO 27001 certification across CFCO and FMG, including continuous evidence collection and control testing within the Vanta platform.
Coordinate internal and external ISO 27001 audits, acting as a primary point of contact for auditors during fieldwork and managing the resolution of identified observations.
Operate the third-party vendor risk assessment programme — conducting initial and recurring assessments of technology providers in line with the organisation’s risk appetite.
Maintain the risk register and supporting documentation for ISMS policies (Risk Management, Operations Security, Third-Party Security, Access Control, Physical Security, Data Classification) and associated standards.
Facilitate periodic user access reviews with designated system owners — monthly for critical and high-risk systems, quarterly for medium and low-risk systems — and ensure review evidence is retained.
Support BCP and DR testing for operationally critical systems (including email, BOAB, and NetSuite), helping plan, execute, and document the annual testing cycle.
Contribute to ISMS Governance Council reporting, including monthly security posture metrics, risk register movements, and assurance activity status.
Skills and Experience
6+ years of progressive experience in information security, with demonstrable depth in technical security assessment.
Hands-on experience operating vulnerability management platforms (Tenable, Qualys, Rapid7, or equivalent) and managing remediation workflows in Jira or a comparable ticketing system.
Practical experience coordinating external penetration testing engagements and triaging red-team findings.
Working knowledge of cloud security on AWS, including assessment of IAM configurations, network security controls, and infrastructure-as-code outputs.
Experience operating an ISO 27001-certified ISMS, including evidence preparation, internal audit support, and external audit participation; familiarity with Vanta or a comparable compliance automation platform.
Sound understanding of third-party / vendor risk assessment processes and risk register maintenance.
Familiarity with phishing simulation and security awareness platforms (KnowBe4 or similar) and end-user behavioural risk analysis.
Strong written and verbal communication skills, with the ability to translate technical findings into clear risk and remediation language for system owners and senior stakeholders.
Industry-recognised information security certification (CISSP, CISA, CISM, CRISC, CEH, OSCP, or equivalent) is preferred.
Bachelor’s degree in Computer Science, Information Security, or a related discipline.
About Softobiz:
Innovation begins with like-minded people aiming to transform the world together. At Softobiz, we invite you to become a part of an organization that has been helping clients transform their business by fusing insights, creativity, and technology. With a team of 300+ technology enthusiasts, we have been trusted by leading enterprises around the globe for over 12+ years.
At Softobiz, we foster a culture of equality, learning, collaboration, and creative freedom, empowering our employees to grow and excel in their careers. Our technical craftsmen are pioneers in the latest technologies like AI, machine learning, and product development.
Why Should You Join Softobiz?
-
Work with technical craftsmen who are pioneers in the latest technologies.
- Access training sessions and skill-enhancement courses for personal and professional growth.
- Be rewarded for exceptional performance and celebrate success through engaging parties.
- Experience a culture that embraces diversity and creates an inclusive environment for all employees.
Softobiz is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will be afforded equal employment opportunities without discrimination based on race, creed, color, national origin, sex, age, disability, or marital status.
For more information about our solutions and organization, visit
www.softobiz.com
,
Follow us
on
LinkedIn
,
Twitter
,
and
Facebook
for more updates.
