Information Security Officer

About DinCloud:

dinCloud is an all-encompassing Cloud Service Provider (CSP) with a global footprint of data centers. Our portfolio includes Cloud Hosted Virtual Desktops, Servers, and Databases. For over 10 years, we have been innovating in the cloud space- as a ‘born in the cloud provider. While we have evolved over the years, our core philosophy remains centered on security and transparency, and as such our innovative solutions can be tailored to the unique needs of many businesses and industries.

At dinCloud, we maintain a dynamically robust environment that is ever-changing and evolving in parallel with the latest technologies, trends, and industry standards. With a highly skilled and qualified workforce of over 500 personnel in our Islamabad, Lahore, and United States offices, we function with the firm belief that our employees are our greatest and most valued assets.

Our perks and benefits package includes:

• Health insurance for our employee’s immediate family members inclusive of their parents, which covers OPD, as well as IPD
• An effective provident fund policy along with EOBI facilities
• Entitlement for paid leaves
• Pay Raises & Paid Training

We are presently searching for highly motivated candidates, with the will and determination to strive under pressure, and the innate ability to evolve and keep up with the emerging technologies in the industry.

Job Summary:

• The Security Analyst will play a key role in helping establish our security by focusing on enhancing the security posture of our hosting infrastructure and Cloud services.
• The information security analyst will help work to develop and implement a comprehensive information security program.
• This includes defining and implementing security policies, processes, and standards.
• The security analyst will select and deploy technical controls to meet specific security requirements.

Position Requirements

• Evaluate and enforce IT security controls, security policies, and secure computing practices. Integrate with various teams on technology initiatives to improve the security of our systems and operations. Document policies, processes, and controls
• Perform scheduled vulnerability scanning, pen testing, and reporting
• Assess and manage vendor risk. Manage a diverse set of security platforms and generate reports for review with action items
• Operate SIEM and other intelligence systems to monitor the environment for actionable events
• Manage security tools and services for identity management, authentication, authorization, and other security services
• Coordinate incident response, analysis, remediation, and cleanup
• Follow industry and best practices and procedures
• Create security-related documentation
• Enforce and validate IT security policies and best practices to achieve compliance with PCI, HIPPA, etc. 
• Complete security assessment documentation for customers
• Provide Vulnerability Analysis related training to staff as needed
• Discover, identify and track vulnerabilities of company IT assets (including websites)
• Utilize appropriate tools to evaluate the business environment against security policy and business risk posture
• Knowledge of Business Continuity and Crisis Management principles, concepts, controls, and processes
• Support Subsidiaries with Information Security and Business Continuity Issues coordination, action plan definition, and follow up
• Recovery Strategies and produce corresponding documentation (BCP, BRP, DRP)
• Endpoint protection
• Prepare technical vulnerability reports
• Hands-on experience configuring and working with security tools like SIEM,  IDS/IPS, vulnerability scanning and management, pen testing, XDR
• Hands-on experience with logging (audit logs, OS logs, app logs) on Windows and Linux systems
• Understand firewall logs and ACLs for analyzing and reviewing
• Solid understanding of OWASP, SSL/TSL, proxies, web filtering, MFA, SAML
• Risk Analysis considering any emerging and ongoing threats, vulnerabilities, and exploits· Threat detection, threat hunting, and response for any threats including malware, phishing, data exfiltration based on alerts, searches, logs, events co-relation
• Protect customers on a global scale and provide security guidance on existing and emerging cyber security threats
• Analyze, escalate, and respond to security events, observables, and incidents detected by security products
• Threat hunt across thousands of customer environments, identifying threats and observables and contributing to content management and threat intelligence activities
• Conduct incident response activities, supporting customers through containment, eradication, and recovery
• Experience working with tools like Splunk, Forti Analyzer, ELK, Crowdstrike, Nessus, Qualys, Sophos, Sentinel, Microsoft 365 Defender, DUO, OKTA

 Key Experience Requirements:

• 5 years of experience in IT Security or related Infrastructure administration in a highly available and production environment
• Minimum of 4 years experience implementing and following security frameworks or compliance standards, such as PCI-DSS, CIS Controls, NIST, COBIT, etc
• Experience working on projects to achieve PCI, HIPPA, and SOC compliance. 
• Hands-on experience working on security tools