Website:
goedmo.com
Job details:
Position Overview
We are looking for a driven and technically sharp Security Analyst with 1–3 years of hands-on experience to join our cybersecurity team. This role is a critical pillar in protecting our organisation's digital assets, driving compliance through SOC 2 governance, and keeping our security posture ahead of evolving threats — including AI-related attack vectors.
📍 Location: Hybrid / On-Site (Pune, India)
🕐 Experience: 1 – 3 Years
📂 Function: Information Security & Compliance
📋 Reports To: Head of Security / CISO
🏢 Employment: Full-Time
Key Responsibilities
Penetration Testing & Vulnerability Assessment
- Conduct black-box and grey-box penetration tests on web applications, APIs, and infrastructure
- Perform vulnerability assessments using Burp Suite Pro, Nessus Tenable, and OWASP methodologies
- Leverage Exploit-DB and publicly known CVEs to simulate real-world attack scenarios
- Produce detailed, actionable pentest reports with risk ratings and remediation guidance
- Track findings through to verified remediation in coordination with engineering teams
Cloud Security & Network Defence
- Monitor and harden cloud environments (AWS / Azure / GCP) against misconfigurations and threats
- Manage and tune IDS/IPS solutions to detect intrusions and reduce false-positive noise
- Review network segmentation, firewall rule-sets, and VPN configurations for security gaps
- Investigate alerts from SIEM platforms and escalate confirmed incidents per the IR playbook
- Maintain and improve cloud security posture management (CSPM) tooling
AI Security & Guardrails
- Assess AI/ML systems for prompt injection, model inversion, and data poisoning risks
- Design and enforce AI guardrails to prevent misuse of LLMs deployed within the organisation
- Stay current with emerging AI threat landscapes and apply relevant controls proactively
- Collaborate with data science and product teams to embed security reviews into the AI lifecycle
Bug Bounty & Research
- Actively contribute to bug bounty programmes on Bugcrowd and HackerOne (Hall of Fame participation preferred)
- Responsibly disclose identified vulnerabilities following coordinated disclosure standards
- Maintain an up-to-date knowledge of CVEs, zero-days, and threat intelligence feeds
- Contribute research findings back to internal security knowledge bases and team sessions
SOC 2 Compliance & Governance
- Establish, document, and maintain SOC 2 Type I / Type II policies across all Trust Services Criteria
- Conduct internal security assessments and gap analyses to measure compliance readiness
- Create and enforce security governance frameworks including access control, change management, and incident response policies
- Liaise with external auditors and prepare evidence packages for SOC 2 certification
- Drive organisation-wide security awareness training programmes and phishing simulations
- Maintain an up-to-date risk register and present quarterly security metrics to senior management
Required Skills & Qualifications
Core Technical Expertise
- Hands-on experience with Burp Suite (Professional), Nessus / Tenable.io, and Metasploit
- Solid understanding of OWASP Top 10 Web, OWASP API Security Top 10, and SANS Top 25
- Proficiency with Exploit-DB, CVE databases, and manual exploitation techniques
- Working knowledge of black-box and grey-box testing methodologies
- Familiarity with network protocols (TCP/IP, DNS, HTTP/S, TLS) and packet analysis (Wireshark)
- Experience with cloud platforms (AWS/Azure/GCP) and their native security tooling
- Competence with IDS/IPS configuration and tuning (Snort, Suricata, or equivalent)
Additional Beneficial Tools
- SIEM platforms: Splunk, Microsoft Sentinel, or IBM QRadar
- Threat intelligence: MISP, VirusTotal, Shodan, Censys
- Scripting: Python or Bash for automating security workflows and custom tooling
- Container & DevSecOps: Docker, Kubernetes security scanning, CI/CD pipeline security
- Identity & Access: PAM tooling, MFA implementation, Zero Trust concepts
- Code review: SAST/DAST tools such as Semgrep, SonarQube, or Checkmarx
Compliance & Soft Skills
- Demonstrated understanding of SOC 2, ISO 27001, or NIST CSF frameworks
- Strong analytical mindset with excellent written and verbal communication skills
- Ability to translate technical risk into clear business language for non-technical stakeholders
- Self-starter comfortable with ambiguity and able to prioritise competing demands
- Integrity and discretion when handling sensitive security findings and data
Educational Background & Certifications
Strongly Preferred
A degree in Computer Science, Information Security, or a related field is preferred. Equivalent hands-on experience and demonstrated skills will be considered equally. The following certifications are an advantage:
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- CompTIA Security+
- eWPT / eJPT (eLearnSecurity)
- AWS Certified Security – Specialty
- CISSP (Associate level)
- CISM / CISA
- SOC 2 Lead Auditor / Implementer