2,675 Infosec Analyst jobs in India

Responsibilities

• Client Engagement & Leadership
• Act as a trusted security advisor for multiple high-value clients.
• Manage end-to-end security assessment projects, including scoping, execution, reporting, and remediation guidance.
• Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly.
• Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions.
• Collaborate closely with client stakeholders to ensure security recommendations are practical and actionable.
• Advanced Threat Modelling & Risk Assessment
• Design and maintain threat models tailored to client applications, networks, and cloud environments.
• Perform risk assessments focusing on business impact and likelihood of exploitation.
• Develop attack scenarios based on the latest threat intelligence and real-world attacker techniques.
• Guide clients in integrating security into their software development lifecycle (SDLC) and cloud infrastructure designs.
• Penetration Testing & Red Team Operations
• Lead advanced black-box, grey-box, and white-box penetration testing engagements for web applications, APIs, networks, and cloud environments.
• Conduct sophisticated Red Team exercises to simulate targeted attack campaigns.
• Design and develop custom exploits and testing tools to replicate specific attacker techniques.
• Perform social engineering tests (phishing campaigns, physical security assessments) in controlled and ethical scenarios.
• Provide detailed post-exercise analysis, including actionable remediation strategies and long term improvement plans.
• Comprehensive Reporting & Documentation
• Produce clear and technically thorough vulnerability assessment and penetration testing reports.
• Create executive-level summaries focused on business impact and compliance risks.
• Maintain structured and up-to-date testing methodologies and playbooks.
• Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies.
• Technical & Programming Expertise
• Expert in vulnerability assessment and exploitation techniques across a wide range of technologies.
• Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump.
• Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive testing tasks and tool workflows.
• Capable of custom tool development and advanced exploit research to target unique client environments.
• Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis.
• In-depth understanding of cloud security risks, identity and access management, and container security (Docker, Kubernetes).
• Social Engineering & OSINT Expertise
• Design and execute social engineering and phishing simulations tailored to client environments.
• Perform physical security assessments through tactics like tailgating and badge cloning.
• Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for assessments.
• Provide training and awareness recommendations based on assessment outcomes.
• Professional Attributes & Mindset
• Strong analytical, problem-solving, and creative thinking skills.
• Ethical hacker mindset with a continuous drive to research emerging threats, attack techniques, and defense bypass methods.
• Methodical and detail-oriented approach to testing with the ability to think like an attacker.
• Strong communication and presentation skills, able to engage both technical teams and business leadership.
• Proactively innovate by developing new tools, scripts, or methodologies to improve testing efficiency and depth.

Qualifications

• 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and security consulting.
• Strong technical expertise in application security, network security, cloud security (AWS, Azure, GCP), and infrastructure security testing.
• Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc.
• Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual testing methodologies.
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis.
• Experience conducting cloud security assessments, including misconfigurations, IAM permissions analysis, and container security.
• Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and tools.
• Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK.
• Strong reporting and documentation skills, able to translate technical findings into business friendly recommendations.
• Excellent communication and stakeholder management skills, able to lead client-facing engagements.
• Relevant certifications are a strong plus (e.g., OSCP, CREST, CISSP, CEH, GIAC GPEN).

Preferred Qualifications:

• Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable.
• Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks.
• Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001.
• Prior consulting experience in a service delivery or customer-facing environment.
• Experience with threat intelligence platforms and indicators of compromise (IoCs).

This is a remote position.

Job Title: Cloud & Containers – Vulnerability Assessment & Scanning

Job Type: Freelance

Location: Remote

Experience: 10+ Years

Mode: Online

We are looking for a highly experienced Freelance Trainer with strong expertise in Cloud Security and Container Security to deliver professional training on Vulnerability Assessment and Scanning. The trainer will design and deliver sessions, share real-world scenarios, and provide hands-on lab guidance to participants.

Deliver online training on Cloud & Container Vulnerability Assessment & Scanning .

Provide hands-on labs, case studies, and practical demonstrations.

Train participants on industry best practices, compliance, and remediation strategies.

Guide learners in integrating vulnerability scanning into DevSecOps pipelines .

Ensure sessions cover both conceptual understanding and practical skills .

Strong knowledge of Cloud Platforms : AWS, Azure, GCP.

Hands-on with Containers & Orchestration : Docker, Kubernetes, OpenShift.

Expertise in Vulnerability Scanning Tools: Qualys, Tenable, Prisma Cloud, Aqua, Twistlock, Trivy, Clair .

Deep understanding of Security Standards : CIS Benchmarks, NIST, OWASP Top 10, CVE/CVSS.

Experience with DevSecOps (CI/CD pipeline integration, IaC scanning).

10+ years of experience in Cloud Security, Container Security, or Vulnerability Management .

Join Verdantas – A Top #ENR 81 Firm,

We at Verdantas are seeking a highly motivated and detail-oriented Information Security Analyst, to protect our company’s critical systems and sensitive data. You will be an integral part of our security team, responsible for implementing, maintaining, and monitoring our security posture. The ideal candidate will have a strong technical background, a proactive mindset, and a passion for staying ahead of the latest security trends and threats.

Key Responsibilities

Security Operations & Monitoring:

• Monitor security alerts from SIEM, IDS/IPS, firewalls, and other security tools to identify and investigate potential security incidents.
• Perform vulnerability scans and assessments, prioritizing and tracking remediation efforts.
• Manage and configure security tools, including EDR/XDR, antivirus, and email security gateways.
• Conduct log analysis and forensic investigations to determine the root cause of security events.

Incident Response:

• Serve as a key member of the incident response team.
• Respond to and mitigate security incidents in a timely and effective manner.
• Document incidents and develop runbooks for future reference.

Security Architecture & Engineering:

• Design, implement, and maintain security controls and technologies to protect cloud (e.g., AWS, Azure, GCP) and on-premises infrastructure.
• Implement and manage identity and access management (IAM) policies and practices.
• Harden systems, networks, and applications based on industry best practices (e.g., CIS Benchmarks).
• Assist in the development and enforcement of security policies, standards, and procedures.

Governance, Risk, and Compliance (GRC):

• Participate in risk assessments and audits (e.g., SOC 2, ISO 27001, PCI-DSS, HIPAA).
• Assist in third-party security risk assessments.
• Promote security awareness across the organization through training and communication.

Required Qualifications & Skills

• Bachelor’s degree in computer science, Information Security, or a related field, or equivalent experience.
• (8+) years of experience in an information security role.
• Hands-on experience with core security technologies (SIEM, EDR, Firewalls, IDS/IPS, DLP).
• Strong understanding of networking protocols (TCP/IP, DNS, HTTP/S) and network security.
• Knowledge of operating systems (Windows, Linux, macOS) and their security aspects.
• Familiarity with cloud security principles (AWS, Azure, or GCP).
• Understanding of common attack vectors, malware, and threat actor tactics (e.g., MITRE ATT&CK framework).
• Excellent problem-solving and analytical skills.
• Strong written and verbal communication skills.

Preferred Qualifications & Skills

• Relevant industry certifications such as:
• Entry-Level: Security+, GIAC GSEC
• Mid-Level: CISSP, CISM, CEH, CompTIA CySA+
• Cloud-Specific: CCSP, AWS Certified Security - Specialty, Azure Security Engineer Associate
• Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation.
• Knowledge of application security (SAST, DAST) and secure SDLC practices.
• Experience with penetration testing or red teaming tools and methodologies.
• Prior experience in a regulated industry (finance, healthcare, etc.)

Hi All,

Good afternoon!

We are urgently hiring for the role of Information Security Analyst with 7 to 12 years of experience with below required skills :

• Global Security operations center
• SIEM tools
• Splunk
• Incident Management

Interested candidates please apply on :

About the company

Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success.

Lexitas offers an array of services including local and national court reporting, medical record retrieval, process service, registered agent services and legal talent outsourcing. Our reach is truly national as well as international.

Lexitas is a MNC Company that has set up a subsidiary in Chennai, India – Lexitas India Pvt. Ltd. This Indian company will be the Lexitas Global Capability Center, helping build a world class IT development team, and over time serve as a Shared Services hub for several of the corporate functions.

For More Information -

This is a Full-Time Job located in Chennai, India.

Summary:

This position supports information security, privacy, risk and compliance programs and activities under the direction of the VP of Information Security or designated Information Security Manager. The position assists in developing and maintaining a comprehensive security program for Lexitas. Providing functional and technical support is important to maintain security posture and protection of electronically and physically stored information assets across our systems. Tasks include supporting design, implementation, configuration, documentation, and maintenance to mitigate risk to the business and its computing resources and assets, as well as collaborating with applicable providers, managing and monitoring tools, and facilitating applicable processes and procedures.

Key Roles and Responsibilities :

• Supports IT security, privacy, risk and compliance systems, processes, supporting activities, with the ability to lead activities and programs.
• Monitors computer networks and associated tools and provider services for security, privacy, risk and compliance issues
• Supports the project management, tracking, and documentation of Information, Privacy, Risk, and Compliance programs, processes, and activities
• Investigate security breaches and cybersecurity incidents.
• Documents security breaches and assesses impact.
• Performs and/or supports security tests, risk assessments, and audits to uncover network, application, and process vulnerabilities and provides guidance and training to ensure violations do not persist.
• Tracks and facilitates the mitigation of vulnerabilities to maintain a high security standard.
• Supports best practices for IT security, privacy and compliance.
• Performs and supports 3rd party vulnerability management and penetration testing.
• Research security enhancements and makes recommendations to management.
• Stays current on information technology trends and security standards.
• Prepares reports that detail security, privacy, and compliance risk assessment findings.
• Supports Security Operations Center functions including monitoring and supporting Incident Response activities.
• Supports all related IT Security, Privacy, Risk and Compliance policies and provides guidance to the business.
• Other Information Security, Privacy, Risk, and Compliance duties as required.

Skills and Abilities:

• Experience with computer network and application vulnerability management and penetration testing, and techniques.
• Solid understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to identify and mitigate network and application vulnerabilities.
• Good understanding of patch management
• Proficient with various OS
• Excellent written and verbal communication skills
• Knowledge of firewalls, antivirus, and intrusion detection system concepts
• Ability to support and document areas of Information Security, Privacy, Risk, and compliance processes and programs.
• Ability to support incident response process.
• Experience directing 3rd Party providers in the areas of Information Security, Privacy, Risk and Compliance
• Support information security controls including physical and data security protecting the confidentiality, integrity and availability of information systems data.
• Preferred KSA’s:
• Strong working knowledge and experience with primary Information Security, Privacy, Risk, and compliance standards and frameworks such as NIST, SOC 2, HIPAA, PCI DSS, GDPR, etc.
• Experience administering information security software and controls.
• Experience supporting process for managing network and application security.
• Network and system administration experience a plus.
• Good understanding of Standard Information Security Baseline Frameworks, Business Continuity, and Disaster Recovery protocols and best practices.
• Exposure to ITIL (Incident/Change Management) – ITIL v3F preferred.
• Learns and monitors the business processes for the areas of primary support responsibility.
• Support annual Security Baseline Audits and execution of recommendations.
• As part of the technology team, performs “Help Desk” day-to-day tasks in support of Information Security, Privacy, Risk, and Compliance.

Education and Experience:

• Bachelor’s degree in computer science or related field strongly preferred.
• IAT Level-2 technical certification strongly preferred (Comp TIA Security+ or CISSP) or ability to obtain within first 90 days of hire.
• 5+ years’ experience performing role of Information Security Analyst or SOC
• Demonstrated experience in responding to, managing, and resolving security incidents.
• Experience with LAN/WAN networking concepts, IP addressing and routing concepts, Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
• Experience with Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
• Experience working with Security Information and Even Management (SIEM) system is a plus.

• Monitor security alerts and events from various sources, including SIEM, firewalls, IDS/IPS, and endpoint security solutions.
• Investigate security incidents, perform root cause analysis, and recommend appropriate remediation actions.
• Conduct regular vulnerability assessments and penetration testing to identify system weaknesses.
• Develop and implement security policies, procedures, and guidelines to ensure compliance with industry standards and regulations.
• Assist in the design and implementation of security controls and technologies to protect against cyber threats.
• Provide security awareness training to employees and educate them on best practices for data protection.
• Manage and maintain security infrastructure, including firewalls, antivirus software, and encryption tools.
• Respond to and manage security breaches, coordinating incident response efforts and post-incident analysis.
• Stay current with the latest cybersecurity threats, vulnerabilities, and trends.
• Review and analyze security logs to detect suspicious activities and potential intrusions.
• Collaborate with IT teams to ensure that security considerations are integrated into all system designs and implementations.
• Develop and maintain documentation related to security configurations, policies, and procedures.
• Participate in security audits and compliance reviews.
• Assess the security posture of third-party vendors and partners.
• Contribute to the continuous improvement of the organization's overall security program.
• Assist in developing business continuity and disaster recovery plans.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Proven experience in information security, cybersecurity operations, or a related role.
• In-depth knowledge of security principles, network protocols, and common attack vectors.
• Experience with SIEM tools, vulnerability scanning software, and endpoint detection and response (EDR) solutions.
• Familiarity with security frameworks such as NIST, ISO 27001, and GDPR.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong understanding of incident response procedures and best practices.
• Relevant certifications such as CompTIA Security+, CISSP, CISM, or CEH are highly desirable.
• Ability to work effectively both independently and as part of a collaborative team.
• Excellent communication and interpersonal skills, with the ability to explain technical security concepts to non-technical stakeholders.
• The hybrid nature of this role requires regular attendance at our Thane, Maharashtra, IN office for team collaboration and critical infrastructure management, with the flexibility for remote work days.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years of experience in information security or cybersecurity.
• Strong understanding of network security, firewalls, intrusion detection/prevention systems, and endpoint security.
• Experience with security assessment tools and methodologies.
• Knowledge of relevant security standards and compliance frameworks (e.g., ISO 27001, NIST).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work effectively in an office-based security operations center.

• Monitor security alerts and events from various sources, including SIEM systems, IDS/IPS, firewalls, and endpoint security solutions.
• Investigate and analyze security incidents to determine root causes, scope of impact, and required remediation steps.
• Respond to security incidents in a timely and effective manner, following established incident response plans.
• Conduct vulnerability assessments and penetration testing to identify and prioritize security weaknesses.
• Implement and manage security controls and technologies to protect networks, systems, and data.
• Develop, update, and enforce information security policies, standards, and procedures.
• Perform regular security audits and compliance checks to ensure adherence to regulatory requirements (e.g., ISO 27001, GDPR).
• Educate and train employees on security best practices and awareness programs.
• Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and mitigation techniques.
• Collaborate with IT teams to integrate security measures into system design and deployment.
• Assist in the development and maintenance of disaster recovery and business continuity plans.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 2-4 years of experience in information security operations, incident response, or vulnerability management.
• Strong understanding of networking protocols, security principles, and common attack vectors.
• Hands-on experience with security tools such as SIEM, firewalls, antivirus, IDS/IPS, and vulnerability scanners.
• Knowledge of security frameworks and compliance standards.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong written and verbal communication skills, with the ability to articulate technical concepts to non-technical audiences.
• Relevant certifications such as CompTIA Security+, CEH, or CISSP are highly desirable.
• This hybrid role requires the successful candidate to be based in or near Vijayawada, Andhra Pradesh, IN , and to attend the office for a designated number of days per week for collaborative work and team meetings, while also enjoying the flexibility of remote work.