DevOps Engineer

We are seeking a skilled Cybersecurity Analyst with strong experience in threat detection, security monitoring, and compliance enforcement across hybrid IT environments. The ideal candidate will be responsible for analyzing security events, conducting risk assessments, ensuring regulatory compliance (e.g., ISO 27001, NIST, GDPR), and supporting incident response operations. This role plays a critical part in protecting organizational assets, infrastructure, and sensitive data. Key Responsibilities: Security Monitoring & Incident Response Monitor and triage alerts from SIEM platforms (e.g., Wazuh, Splunk, Azure Sentinel, ELK) Analyze logs, events, and threats across endpoints, networks, and cloud systems Participate in incident response, root cause analysis, and recovery Investigate phishing, malware, and suspicious behavior incidents Collaborate with IT teams to enforce security controls and reduce attack surfaces Governance, Risk & Compliance Maintain and enforce security policies, procedures, and documentation Assist in internal audits, control testing, and compliance assessments (ISO 27001, NIST, HIPAA, GDPR) Maintain and update the organization's risk register Support user training and organization-wide security awareness Contribute to disaster recovery and business continuity planning from a security perspective Vulnerability & Threat Management Perform and analyze vulnerability scans using tools such as Nessus, Qualys, or similar platforms (hands-on experience required, even if not currently in use) Contribute to the development or implementation of vulnerability detection solutions Track remediation of security gaps and report on posture trends Maintain awareness of threat intelligence feeds, zero-day exploits, and CVEs Document Indicators of Compromise (IOCs) and support internal threat intelligence initiatives Tooling & Automation Tune SIEM/SOAR rules and dashboards for improved detection accuracy Contribute to automation workflows (e.g., alert enrichment, threat classification) Integrate compliance/security checks into CI/CD pipelines or infrastructure as code (if applicable)