Job Summary
The Information Security Analyst for the Remediation Operations team is responsible for evaluating security exceptions, assessing associated risk, and driving remediation of critical and high-risk vulnerabilities across applications and platforms. This role operates within the Application Security and Infrastructure Security ecosystem, ensuring adherence to Enterprise Vulnerability standards and reducing enterprise risk exposure.
Responsibilities
Exception Review & Risk Assessment
- Review and assess security exception requests for compliance with Enterprise Vulnerability standards and supporting policies.
- Validate business justifications, compensating controls, and risk responses including Mitigate, Accept, Transfer, and Avoid.
- Ensure exceptions align with the Exceptions Management Program and include all required documentation and leadership approvals.
- Challenge insufficient or unjustified exceptions while prioritizing remediation over risk acceptance.
Vulnerability Governance & Remediation Oversight
- Monitor and track critical and high vulnerabilities across application and infrastructure portfolios.
- Enforce remediation timelines in accordance with defined Service Level Objectives (SLOs).
- Ensure vulnerabilities exceeding SLOs are either remediated or formally documented through approved exceptions.
- Validate remediation through coordination with security tooling, rescans, or evidence-based confirmation.
Stakeholder Engagement & Reach-Out
- Proactively engage application and platform owners with critical risk exposure or past-due vulnerabilities.
- Communicate risk clearly, including exploitability, business impact, and compliance implications.
- Drive accountability through follow-ups, escalation paths, and leadership alignment where required.
- Support application teams in understanding remediation options and security requirements.
Security Tooling & Data Analysis
- Leverage enterprise security tools such as SAST, DAST, SCA, IRIS, Tenable, and API security tools to identify and track vulnerabilities.
- Analyze risk metrics, dashboards, and vulnerability reports to prioritize remediation actions.
- Correlate findings across multiple tools to identify systemic risks and recurring security issues.
Policy & Standards Alignment
- Ensure adherence to Application Security Policy standards and procedures.
- Follow Enterprise Vulnerability Standards and Application Vulnerability Management Procedures.
- Interpret policy requirements and translate them into actionable guidance for engineering teams.
- Identify gaps and non-compliance issues, and recommend corrective actions.
Continuous Threat Exposure Management (CTEM) Support
- Support continuous risk identification, prioritization, and validation activities.
- Assist with risk-based prioritization using exploitability, asset criticality, and exposure context.
- Help reduce attack surface and improve the organization’s overall security posture.
Mandatory Skills
- Application Security Assessments
- Enterprise Security
- OWASP
- Secure Coding
Preferred Skills
- Cloud Security
- Information Security Governance
- Leadership Mentoring
- Regulated Industry
- Vulnerability Management
Qualifications
Bachelor’s degree in Computer Science, Information Technology, Software Engineering, or related field
BCA / B.Tech / BE / MCA preferred