Principal Analyst – Security Operations

Principal Analyst – Security Operations

Position Overview

This role is responsible for managing and strengthening the organization's overall security posture across both on-premise and cloud environments. The position focuses on vulnerability remediation, patch management, and automation of security operations.

The role also involves conducting security assessments, managing deviations, and leading security initiatives, including automation and AI-driven enhancements. The successful candidate will collaborate closely with cross-functional teams to ensure robust, compliant, and scalable security practices.

Key Responsibilities

1. Security Posture Management

• Manage end-to-end security patching lifecycle across systems and platforms
• Ensure timely remediation of vulnerabilities and end-of-life (EOL) software risks
• Collaborate with infrastructure and vulnerability management teams to prioritize fixes based on risk and business impact
• Maintain and improve patch management processes, policies, and documentation

2. Security Automation

• Design and develop automation scripts and workflows for security operations
• Enhance and maintain dashboards using tools such as JIRA, Power BI, and other platforms
• Ensure automation solutions are scalable, secure, and aligned with internal standards

3. Security Operations Metrics & Reporting

• Track, analyze, and automate security metrics reporting
• Support preparation of reports, dashboards, and presentation materials for stakeholders

4. Security Initiatives

• Contribute to ongoing security projects and initiatives
• Support implementation of automation and AI-driven security capabilities
• Provide ideas, technical input, and execution support

5. Security Deviation Management

• Review and assess security exception requests from internal stakeholders
• Evaluate risks based on threat intelligence, regulatory requirements, and security standards
• Recommend mitigation controls and ensure alignment with organizational risk appetite

6. Stakeholder Communication

• Communicate effectively with internal teams and external vendors
• Clearly articulate risks, remediation plans, and security requirements (why, what, and how)

Requirements

Education

• Bachelor's degree in Computer Science, Information Security, Computer Engineering, Information Systems, or related field

Experience

• Minimum 12 years of technology experience, with at least 8 years in cybersecurity, preferably in regulated industries (e.g., banking, insurance, fintech)
• Strong expertise in:
• Vulnerability management and EOL remediation
• Patch management processes and tools
• Security monitoring and automation
• Cloud environments (Azure, AWS, GCP)
• Containers and microservices architecture (e.g., Kubernetes)
• Hands-on experience in:
• Scripting (Python, Shell, or similar)
• API integration and automation tools (e.g., Power Automate)
• Data visualization tools (e.g., Power BI)
• Experience in DevOps, SRE, or development roles is an advantage
• Strong analytical and problem-solving skills with a data-driven approach
• Familiarity with regulatory frameworks (e.g., MAS TRM or similar)

Certifications (Preferred)

• One or more of the following:
• CISSP
• CEH
• CSA / ECSA
• GSOC or equivalent

Key Competencies

• Strong analytical and critical thinking skills
• Excellent communication and stakeholder management
• Ability to handle complex security issues and drive resolution
• Proactive mindset with continuous improvement focus