Technical Operations

Information Security Analyst II

JOB TYPE

Full-Time

LOCATION

Hyderabad

About Us:

Please be aware we have noticed an increase in hiring scams potentially targeting Seismic candidates. Read our full statement on our Careers page.

Seismic, a rapidly growing Forbes Cloud 100 company, is the global leader in enablement, helping organizations engage customers, enable teams, and ignite revenue growth. The Seismic Enablement CloudTM provides continuous guidance to improve behavior, content, and skills to win more deals and deliver better experiences. More than 2,200 organizations around the globe including IBM and American Express have made Seismic their enablement platform of choice. Seismic integrates with business-critical platforms including Microsoft, Salesforce, Google and Adobe. Seismic is headquartered in San Diego, with offices across North America, Europe, Australia and China.

Seismic is committed to building an inclusive workplace that ignites growth for our employees and creates a culture of belonging that allows all employees to be seen and valued for who they are. Learn more about DEI at Seismic here.

Overview:

Seismic is a leader in sales enablement technology, delivering integrated solutions that connect marketing, sales, and buyers to drive meaningful engagement. We develop cutting-edge SaaS solutions, ensuring innovation, quality, and global reach to meet our customer needs. 

We specialize in delivering modern, scalable, and multi-cloud solutions that empower businesses to succeed in today’s digital era. Leveraging the latest advancements in technology, including Generative AI, we are committed to driving innovation and transforming the way businesses operate. As we embark on an exciting journey of growth and expansion, we are seeking a talented Information Security Analyst to join our team in Hyderabad, India. 

We are looking for a security practitioner who is an out of the box thinker and motivated to automate as much as possible. You can talk about times you have taken the initiative to automate tedious tasks, and the metrics related to what you automated. 

Should be able to work in ambiguous situations where no defined process is outlined. Instead, you create one. 

Who you are:

You are a highly motivated and results-oriented security professional with 3-5 years of experience in application security. You are a hands-on individual with a strong understanding of the software development lifecycle (SDLC) and a passion for automating security tasks. You thrive in a fast-paced environment and are comfortable working independently to solve complex problems. You possess excellent communication and collaboration skills, and you are able to effectively communicate technical information to both technical and non-technical audiences. You are a continuous learner, always seeking to improve your skills and stay abreast of the latest security threats and vulnerabilities.

What you’ll be doing:

This role is responsible for identifying, assessing and mitigating security vulnerabilities in software applications. They work closely with development teams to integrate security practices into the Software Development Lifecycle (SDLC) and help ensure that applications are secure and compliant with relevant standards and regulations.  

  • Respond to customer RFPs within SLAs. 
  • You will be responsible for helping review AppSec (SAST/DAST/SCA/Container/API) vulnerabilities, evaluate risk and verify vulnerabilities. 
  • Review and triage alerts related to our Security toolset (CrowdStrike, NetSkope, Snyk, Veracode) 
  • Communicate with our engineering department on potential risks within their applications, best practices, and fixes. 
  • Perform technical security assessments to ensure services follow secure design principles, policies, and standards across our engineering portfolio. 
  • You will work with developers to integrate security tooling into the CI/CD pipeline to automate security testing and vulnerability detection. 
  • Develop and enhance automation processes in SDLC. 
  • Develop, and update documentation on current practices as well as updating security processes. 

What you bring to the team:

Must Haves 

  • Minimum of 3-5 years of experience. 
  • Experience in developing controls to protect against the OWASP Top 10 Web application vulnerabilities, API vulnerabilities, and related CWEs & CVEs 
  • Ability to read, understand and identify vulnerabilities within the codebase at a mid – level at least two of the major programming languages and frameworks (C#, .NET, JavaScript, Python, Ruby, Java, Scala, Go, PHP.) 
  • at a mid-level of at least two of the major programming languages 
  • Demonstrate knowledge in AppSec, DAST, SAST, SCA, Container scanning 
  • Hands on experience with  Snyk, Veracode, NoName, GHAS (CodeQL, Dependabot) or similar platforms. 
  • Experience with securing API’s and API tools (PostMan, NoName, Swagger) 
  • Knowledge of CI/CD and automation/orchestration tools (e.g. Jenkins, GHA, Argo) 
  • Knowledge and experience with one major cloud (Azure, AWS, GCP) 
  • Understanding of Container/Kubernetes infrastructure 
  • Experience with a ticketing tracking system (e.g. Jira) 
  • Experience Threat modeling web applications following an industry standard methodology (e.g. STRIDE). 
  • Experience with developing policies for an advanced VPN solution (e.g. Netskope, Palo Alto) 
  • Achieve at least one security certification (e.g. SEC+, CySA+, AWS Certified Security, AZ-500, or similar) 
  • Excellent communication skills, with the ability to collaborate across development, operations, and security teams. 
  • Highly Proficient in spoken and written English 

Nice to Haves 

  • Experience with OneTrust 
  • Proficiency with a scripting language such as Python, PowerShell or Bash 
  • Experience with securing kubernetes/container infrastructure. 
  • Experience with Workato. 
  • Experience in developing controls to protect against the OWASP Top 10 Large Language Models & GenerativeAI and related CWEs & CVEs 

What we have for you:

At Seismic, we’re committed to providing benefits and perks for the whole self. To explore our benefits available in each country, please visit the Global Benefits page

If you are an individual with a disability and would like to request a reasonable accommodation as part of the application or recruiting process, please click here

Headquartered in San Diego and with employees across the globe, Seismic is the global leader in sales enablement, backed by firms such as Permira, Ameriprise Financial, EDBI, Lightspeed Venture Partners, and T. Rowe Price. Seismic also expanded its team and product portfolio with the strategic acquisitions of SAVO, Percolate, Grapevine6, and Lessonly. Our board of directors is composed of several industry luminaries including John Thompson, former Chairman of the Board for Microsoft.  

Seismic is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to gender, age, race, religion, or any other classification which is protected by applicable law.   

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.  

#LI-ST1

India Application