Senior Information Security Analyst

Druva, the autonomous data security company, puts data security on autopilot with a 100% SaaS, fully managed platform to secure and recover data from all threats. The Druva Data Security Cloud ensures the availability, confidentiality, and fidelity of data - providing customers with autonomous protection, rapid incident response, and guaranteed data recovery. The company is trusted by its more than 6,000 customers, including 65 of the Fortune 500, to defend business data in today’s ever-connected world. Amidst a rapidly evolving security landscape, Druva offers a $10 million Data Resiliency Guarantee ensuring customer data is protected and secured against every cyber threat. Visit druva.com and follow us on LinkedIn, Twitter and Facebook.

About the Role:

As a Senior Security Analyst at Druva, you'll lead efforts to protect our digital assets, applications, and IT infrastructure. This role demands a blend of technical prowess, strategic thinking and adaptability, as you'll oversee vulnerability management, conduct in-depth security assessments and deploy robust defenses across multiple platforms. By fostering inter-team collaboration, you will contribute to maintaining a resilient security posture for our infrastructure, effectively mitigating  risks in our evolving technological environment through advanced tools and methodologies.

Essential Responsibilities: 

Manage comprehensive vulnerability management across Druva IT infrastructure; spearhead remediation efforts with key stakeholders.Execute and expand DAST and security testing for web applications.

• Assist in security assessments and penetration testing of in-house and web-facing applications.
• Synergize with cross-functional teams to integrate information security safeguards into existing systems and workflows, within designated operational domains.
• Perform regular attack surface analyses, Address application/OS security vulnerabilities promptly, identify and neutralize exploit paths for publicly accessible assets.
• Triage and resolve bug bounty submissions, ensuring expeditious resolution and transparent communication.
• Support in implementing access controls across Druva systems and applications, utilizing OAuth, SAML, Okta, or similar platforms.

Desired Skills and Qualifications:

• Engineering graduate/Postgraduate (computer science or allied field).
• Minimum 5 years of experience in Information Security or related technological domains.
• Strong understanding of security principles, vulnerability taxonomies, threat vectors, and frameworks (CVSS, OWASP Top 10 & ASVS, SANS CWE).
• Proficiency in security scanning tools (Qualys, Nessus, Rapid7, OpenVAS, OWASP ZAP, Burp Suite).
• Comprehensive grasp of OS ecosystems (Windows, Mac, Linux/Unix, VDI) and cloud architectures (VPC, SG, EC2, S3, CloudTrail, IAM, GuardDuty).
• Enthusiasm for staying up-to-date on emerging cybersecurity threats, vulnerability and exploits techniques.
• Security certifications (CEH, CompTIA Security+ , CCSP) are advantageous.
• Exceptional analytical acumen and adept problem-solving in high-velocity environments.