26 Security Analyst jobs in Pakistan

Application Security Engineer / InfoSec Engineer - Onsite - Karachi

Company Overview:

Hiring for one of our Tech Solution providers in Karachi.

Job Description:

1. Develop and implement security strategies to safeguard our
   Cloud infrastructure,

on-prem systems, applications, and data.

1. Perform risk
   assessments, vulnerability scans, and penetration testing;
   provide

actionable insights to mitigate risks.

1. Collaborate with Product and Engineering teams to embed security best practices

into the software development lifecycle
(SDLC).

1. Manage and enhance our incident response plans, ensuring timely and effective

resolution of security incidents.

1. Lead initiatives to achieve and maintain compliance with industry standards and

regulations
(e.g., ISO 27001, PCI-DSS, SOC 2, GDPR).

1. Conduct security awareness trainings and workshops for Employees across the

organization.

1. Implement and manage
   SIEM tools, IDS/IPS, WAFs, Firewalls,
   and other security

technologies.

1. Monitor and analyze security alerts, logs, and data from both cloud and on-prem

environments to proactively address potential threats.

1. Work with stakeholders to prioritize and remediate vulnerabilities promptly.

2. Maintain and secure critical
   on-prem infrastructure
   , ensuring alignment with overall security policies and practices.

3. Stay updated on emerging threats, vulnerabilities, and technologies to improve our security posture continuously.

Qualifications

1. Experience:
   4+ years in InfoSec, Cyber Security, or Cloud Security roles

2. Education: Bachelors degree in Computer Science, Information Technology, or a

related field (or equivalent experience).

1. Certifications: Relevant certifications such as CISSP, CISM, CEH, AWS Security

Specialty, or Azure Security Engineer are highly desirable.

Technical Skills

1. Hands-on experience with Public Cloud platforms (AWS, Azure, or GCP) and on-

prem infrastructure.

1. Broad experience across different Operating Systems and environments (Cloud, on- prem, VMs, etc.).

2. Strong understanding of networks, network architecture, and networking concepts.

3. Hands-on practitioner proficient in security tools such as SIEMs, IDS/IPS, WAFs,

Network Firewalls, vulnerability scanners, and endpoint protection.

1. Strong understanding of network security, cryptography, and application security.

2. Practical knowledge of and experience with ISO/IEC 27001, OWASP, NIST, CIS, and

PCI-DSS standards and frameworks.

1. Experience with DevSecOps practices and CI/CD pipelines.

2. Knowledge of on-prem server security, network configurations, and physical access

controls.

1. Bonus points for being hands-on with Python and shell scripting.

Other Details:

Experience:
4+ years in InfoSec - Cyber sec

Location: Shahre Faisal

Salary: Market Competitive

Timings: Monday to Friday

About HR Ways:
HR Ways is an Award winning Technical Recruitment Firm helping software houses and IT Product companies internationally and locally to find IT Talent. HR Ways is engaged by 300+ Employers worldwide ranging from worlds biggest SaaS Companies to most competitive Startups. We have entities in Dubai, Canada, US, UK, Pakistan, India, Saudi Arabia, Portugal, Brazil and other parts of the world.

Job Title: Cybersecurity Analyst

Location: Gulberg, Lahore (On-Site Role)

Experience: 3 to 5 Years

Responsibilities:

Tech Bridge Consultancy seeks experience in security monitoring solutions, incident response and other cybersecurity tools and technologies implementation capabilities. In your role, your duties will include the following:

• SOC monitoring coverage for any of the following shifts: EST Time 8:00am – 4:00pm (PST 5:00pm – 1:00am), 4:00pm – 12:00am (PST 1:00am – 9:00am), 12:00am – 8:00am (PST 9:00am – 5:00pm); the work week is considered a minimum of 40 hours each week. Day to day security logging and monitoring solutions; identifying false positives and detecting potential or real threats
• In-depth analysis of security events, alerts and incidents
• Promptly responding to customer enquiries via emails and/or phone calls; responding to security incidents and threats
• Analyzing logs, network traffic and data to identify potential threats and vulnerabilities
• Development security dashboards and reporting; compile threat intelligence reports and manage log data
• Configuration of security tools and technologies (e.g. SIEM, EDR, VM, etc.)
• Configuration of network and security appliances (e.g. Firewalls, routers, switches, HIDS, NIDS, etc.)
• Endpoint security configuration (Defender, CrowdStrike, SentinelOne, Webroot, Kaspersky, etc.)
• Firewall rules configuration and optimization
• SIEM rules configuration (Sentinel, Splunk, Log Rhythm, etc.)
• Technical writing and security policy development
• Staying current on industry trends, keeping up-to-date with relevant CVE's and the evolving threat landscape
• Conducting vulnerability scans of network and applications
• Keeping company systems up-to-date with current security patches
• Recommending security improvements to line managers or senior management

Requirements:

• Strong understanding of cybersecurity principles and the SOC environment
• Bachelor's degree in cyber security, computer sciences or equivalent
• Good understanding of vulnerability management tools and techniques
• Good understanding of Windows, Linux and macOS operating systems and endpoints
• Knowledge of modern problem-solving skills, and keen attention to detail
• Good understanding of the modern security in SDLC practices
• Capable of Balancing multiple priorities and remaining flexible in a changing environment
• Good communication and interpersonal skills
• Familiarity with regulatory compliance and security standards (ISO27001, SOC 2 TYPE 1 and TYPE 2, NERC CIP, IE 62443, NIST CSF, etc.)

Other duties may include:

· Contribute to the preparation of technical documentation, including proposals, tenders, RFPs (Requests for Proposals), and RFIs (Requests for Information)

· Participate in business development activities directly related to the sale of cybersecurity services and other tasks supporting the delivery of cybersecurity products and services

· Personnel are required to work on-site; remote or hybrid work options will not be available

· Personnel must strictly use company-provided computer assets, hardware, and licensed software to perform all assigned services

· Personnel must not work more than 12 consecutive hours per shift

· Personnel are required to adhere to internal cybersecurity and IT policies and standards

· Personnel are required to strictly uphold confidentiality and integrity clauses while dealing with all customer data

Job Type: Full-time

Application Question(s):

• Are you comfortable with an on-site role, as this position is not remote or hybrid?
• Have you worked with vulnerability management tools?
• Are you familiar with any security compliance standards like ISO 27001, SOC 2, or NIST?
• Are you comfortable working onsite in any of the following SOC shift timings?
• Do you have experience working in a SOC (Security Operations Center)?
• Do you have strong written and verbal communication skills in English?

Work Location: In person

We are hiring for a " Cybersecurity Analyst" having 3+ years of experience.

Job Description:

• Implement and maintainsecure coding standards to mitigate secure coding vulnerabilities.

• Analyze, detect and respond to cyber threats through real-time monitoring and proactive defense strategies.

• Conduct vulnerabilities assessments, penetration testing and risk evaluations to identify and mitigate security issues.

• Develop and implement cybersecurity policies and frameworks based on NIST, ISO 27001, and other industry standards.

Essential Technical Skills:

• Proficient in Cyber Threat Intelligence (CTI)

• Experience with penetration testing and ethical hacking methodologies.

• Familiarity with Cybersecurity frameworks _e.g, NIST,MITRE, ATT & CK).

• Knowledge of network security tools such as firewalls, IDSIPS and SIEM platforms.

• Programming knowledge (e.g,Python, ava, C++) for secure software development.

Education and Experience:

• Bachelors in IT

• 3+ Years of Experience

Company Description

Stafflink is the all-in-one platform designed to simplify global team management. From onboarding and culture to local payroll and compliance, we handle every aspect, allowing you to focus on growth. Our powerful HR and payroll tools, combined with global mobility services and deep compliance expertise, drive businesses to scale quicker and smarter. Additionally, our talent marketplace connects you with top professionals worldwide, ready to join your team. Hire, manage, and pay your team anywhere effortlessly.

Role Description

This is a full-time remote role for a Cyber Security Analyst. The Cyber Security Analyst will be responsible for monitoring and analyzing system vulnerabilities, performing malware analysis, and ensuring application and network security. Daily tasks will also include conducting security assessments, implementing security measures, and responding to security threats. Additionally, the analyst will be expected to stay up-to-date with the latest cybersecurity trends and technologies.

Qualifications

• Application Security and Network Security skills
• Experience in Cybersecurity and Malware Analysis
• Strong Analytical Skills
• Excellent problem-solving and critical-thinking abilities
• Effective communication and collaboration skills
• Ability to work independently in a remote environment
• Relevant certifications such as CISSP, CEH, or equivalent are a plus
• Bachelor's degree in Computer Science, Information Security, or related field

Job description:

Job Title:
Cybersecurity Analyst

Location:
Gulberg, Lahore (On-Site Role)

Experience:
3 to 5 Years

Responsibilities:

Tech Bridge Consultancy seeks experience in security monitoring solutions, incident response and other cybersecurity tools and technologies implementation capabilities. In your role, your duties will include the following:

• SOC monitoring coverage for any of the following shifts: 
  EST Time 8:00am – 4:00pm (PST 5:00pm – 1:00am), 4:00pm – 12:00am (PST 1:00am – 9:00am), 12:00am – 8:00am (PST 9:00am – 5:00pm)
  ; the work week is considered a minimum of 40 hours each week. Day to day security logging and monitoring solutions; identifying false positives and detecting potential or real threats
• In-depth analysis of security events, alerts and incidents
• Promptly responding to customer enquiries via emails and/or phone calls; responding to security incidents and threats
• Analyzing logs, network traffic and data to identify potential threats and vulnerabilities
• Development security dashboards and reporting; compile threat intelligence reports and manage log data
• Configuration of security tools and technologies (e.g. SIEM, EDR, VM, etc.)
• Configuration of network and security appliances (e.g. Firewalls, routers, switches, HIDS, NIDS, etc.)
• Endpoint security configuration (Defender, CrowdStrike, SentinelOne, Webroot, Kaspersky, etc.)
• Firewall rules configuration and optimization
• SIEM rules configuration (Sentinel, Splunk, Log Rhythm, etc.)
• Technical writing and security policy development
• Staying current on industry trends, keeping up-to-date with relevant CVE's and the evolving threat landscape
• Conducting vulnerability scans of network and applications
• Keeping company systems up-to-date with current security patches
• Recommending security improvements to line managers or senior management

Requirements:

• Strong understanding of cybersecurity principles and the SOC environment
• Bachelor's degree in cyber security, computer sciences or equivalent
• Good understanding of vulnerability management tools and techniques
• Good understanding of Windows, Linux and macOS operating systems and endpoints
• Knowledge of modern problem-solving skills, and keen attention to detail
• Good understanding of the modern security in SDLC practices
• Capable of Balancing multiple priorities and remaining flexible in a changing environment
• Good communication and interpersonal skills
• Familiarity with regulatory compliance and security standards (ISO27001, SOC 2 TYPE 1 and TYPE 2, NERC CIP, IE 62443, NIST CSF, etc.)

Other duties may include:

· Contribute to the preparation of technical documentation, including proposals, tenders, RFPs (Requests for Proposals), and RFIs (Requests for Information)

· Participate in business development activities directly related to the sale of cybersecurity services and other tasks supporting the delivery of cybersecurity products and services

· Personnel are required to work on-site; remote or hybrid work options will not be available

· Personnel must strictly use company-provided computer assets, hardware, and licensed software to perform all assigned services

· Personnel must not work more than 12 consecutive hours per shift

· Personnel are required to adhere to internal cybersecurity and IT policies and standards

· Personnel are required to strictly uphold confidentiality and integrity clauses while dealing with all customer data

Description
Company Overview:

When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there's really only one: Zones – First Choice for IT.TM

Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter @Zones, and LinkedIn and Facebook.

Position Overview
As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework and tracking enterprise compliance across multiple security frameworks. You will also assist internal teams in preparing for internal and external assessments and audits, collaborate on critical IT projects to address security policy and risk issues, and develop key performance metrics to track and ensure compliance with policies and standards.

What you'll do as the Information Security Analyst – Compliance & Risk Management:

Employees employed in the role of Information Security Analyst – Compliance & Risk Management shall be required to apply their independent minds and demonstrate intellectual abilities in their decision-making.

The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Analyze management and technical controls to ensure specific security and compliance requirements are met.
• Map regulatory/security requirements across the information security framework.
• Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS, maintaining up-to-date records of requirements and corresponding mitigating controls.
• Help internal teams with readiness for internal/external assessments/audits against industry standards and review programs/documentation for conformance.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Develop key performance metrics to track and ensure compliance with established policies and standards.

What You Will Bring To The Team

• 5-7 years of information security experience.
• Experience with ISO 27001, SOC 2, and PCI-DSS compliance.
• Strong communication skills (verbal and written).
• Ability to meet deadlines and work under pressure.
• Experience of working in US-based multinational organizations is a plus.
• Security certifications such as CISSP/CISA, ISO27001.
• Extensive experience with auditing vendors/service providers/partners for compliance with security.
• Experience of working extensively with the Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate the compliance requirements
• Bachelor's degree in Computer Science or Information Technology.

Zones offers a comprehensive Benefits package

At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer life insurance, optional health insurance, and retirement benefits in line with Company policy. Employees also enjoy additional perks such as the Voluntary Pension Scheme, EOBI, complimentary meals, and access to our in-house gym.

We take pride in being an equal opportunity employer and remain dedicated to maintaining a workplace free from discrimination of any kind. If you are passionate about driving innovation in IT, sales, engineering, or operations, Zones provides a dynamic and collaborative environment to help you grow your career.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

Job timings: 08:00 PM to 05:00 AM (Pk time)

About Nakisa
Nakisa stands as a global leader in enterprise business solutions, specializing in Human Resources, Financial Management, and Real Estate. We are dedicated to delivering innovative, forward-thinking, and robust software solutions that propel business strategies forward. Trusted by numerous Fortune 1000 companies, our top-of-the-line solutions have consistently excelled in the market, underscoring our commitment to providing our clients with unparalleled experience.

Our team represents a rich tapestry of cultural and religious backgrounds, making diversity our greatest asset. Unified by our values of Fairness, Integrity, Service, and Humility, we foster an environment where unity and teamwork are our core strengths. At Nakisa, we continuously strive to ensure that these values guide our actions at every level.

As a company, we are in a phase of dynamic growth and prosperity, offering ample opportunities for those who join us on this journey to develop and thrive alongside us. If you are seeking a workplace where your contributions are valued and where you can actively participate in our pursuit of excellence, Nakisa welcomes you with open arms.

We're recognized as one of the best Canadian employers, having been named one of Montreal's top employers, as well as
one of Canada's best employers
for recent graduates.

Our people and our culture are the key to our success. If you're looking for a workplace that embraces a hybrid work model, values your contributions, and encourages active participation in our pursuit of excellence, Nakisa warmly invites you to join us.

Description:
Nakisa is seeking a detail-oriented, proactive, and technically curious
Security and Compliance Analyst
to support our growing global security and compliance initiatives. This role is central to maintaining and enhancing Nakisa's compliance posture with recognized standards such as
SOC 1, SOC 2, ISO/IEC 27001
, and data privacy regulations.

You'll work closely with internal teams and external auditors to manage evidence collection, track audit deliverables, and maintain robust documentation. You'll also assist with RFPs/RFIs from prospective clients and contribute to internal security improvement projects. A strong interest and understanding of
Artificial Intelligence (AI)
, particularly its implications on compliance and security, is essential.

This is an excellent opportunity for someone looking to launch or grow a career in information security and compliance in a
fast-paced SaaS environment
that is deeply invested in
cloud technology, AI
, and
process excellence
.

Key Responsibilities:

• Coordinate and manage tasks related to Nakisa's security and compliance programs, including SOC 1, SOC 2, and ISO 27001 audits.
• Collaborate with internal stakeholders and external auditors to collect, organize, and validate audit evidence and documentation.
• Drive and support continuous improvement of internal processes, controls, and compliance documentation.
• Assist in completing security and compliance sections of RFPs, RFIs, and due diligence questionnaires from prospects and clients.
• Contribute to internal information security projects and process improvements.
• Ensure documentation and policies are accurate, up-to-date, and aligned with industry standards.
• Monitor and follow up on compliance deadlines, audit deliverables, and remediation actions.
• Stay informed on evolving security frameworks, regulatory requirements, and AI-related security practices.
• Educate employees on security awareness topics and best practices through training, content creation, or internal communications.

Qualifications:

• Bachelor's degree in information security, Cybersecurity, Information Systems, Computer Science, or a related field—or equivalent hands-on experience.
• Solid knowledge of industry standards and frameworks, such as:
• SOC 1 / SOC 2 (Type I & II), ISO/IEC 27001 & 27017, CIS Controls, Data protection regulations (GDPR, PIPEDA, CCPA, etc.)
• Strong reporting and documentation skills:
• Proficiency in generating audit reports, compliance documentation, and RFP/RFI responses
• Skilled in Excel, Word, PowerPoint, and PDF tools for structured reporting and evidence tracking
• Experience with compliance audits, security questionnaires, or risk assessments
• Basic technical knowledge of cloud environments (AWS, Azure, GCP), access controls, encryption, and security operations
• Exceptional attention to detail, with the ability to identify gaps, maintain precision, and meet deadlines
• Strong verbal and written communication skills, comfortable working cross-functionally with internal teams, auditors, and clients
• Demonstrated interest and foundational knowledge in Artificial Intelligence, especially its impact on cybersecurity and compliance

Preferred:

• 3+ years of relevant work experience in security compliance, audit, or GRC functions
• Exposure to internal controls testing, risk registers, or information security policies
• Certifications (or active pursuit) such as:
• Certified in Cybersecurity (ISC² CC), ISO 27001 Lead Implementer or Foundations, CISA etc.

We are excited to see how you can contribute to Nakisa's continued success and innovation. If you are passionate about making a difference and ready to take on new challenges, we invite you to apply for this role. At Nakisa, we believe in fostering a supportive and engaging work environment where every team member can thrive and grow. Apply now to join our team and help shape the future of enterprise business solutions.

We look forward to reviewing your application and getting to know you better.

Job Summary:

The Cyber Security Associate will play an important role in ensuring the reliability and security of LMKR's network infrastructure. This role emphasizes network monitoring, firewall administration, and device hardening, while also providing exposure to enterprise security operations. The candidate should have a solid grasp of networking fundamentals and security practices, with the ability to support ongoing improvements in LMKR's cybersecurity environment.

Job Description:

• Monitor
  network traffic and device utilization
  to identify anomalies or potential security issues.
• Maintain and analyze logs from
  firewalls, routers, and security tools
  .
• Apply and manage
  security policies and access rules
  on firewalls and network devices.
• Conduct
  system health checks and endpoint protection monitoring
  .
• Support in
  device hardening and network security audits
  (based on CIS/ISO standards).
• Assist in
  incident handling and escalation
  when network or security issues arise.
• Collaborate with NOC, IT, and compliance teams to strengthen overall
  network security posture
  .
• Document
  network events, changes, and security reports
  for internal records.
• Stay updated on
  emerging network security threats and countermeasures

Required Skills:

• Strong understanding of
  networking protocols
  (TCP/IP, DNS, DHCP, HTTP/S, SMTP, SNMP, NetFlow, VPNs).
• Hands-on knowledge of
  firewalls and access control policies
  .
• Experience with
  network monitoring tools
  (NMS, NetFlow, Wireshark, IDS/IPS).
• Familiarity with
  endpoint security solutions
  and basic incident handling.
• Understanding of
  system/device hardening
  practices and
  CIS benchmarks
  .
• Basic knowledge of
  Linux & Windows security administration
  .
• Awareness of
  ISO 27001, NIST, or other security frameworks
  .

Soft Skills:

• Strong analytical and troubleshooting ability.
• Good communication and documentation skills.
• Ability to work with cross-functional teams (NOC, IT, QA).
• Proactive in learning and adapting to new tools and threats.

Experience:

• 1–2 years of networking/security-related experience.

Education/Qualification:

• Bachelor's degree in
  Cyber Security, Computer Science, or IT
  .
• Certifications such as
  CompTIA Security+, CCNA Security, CNSP, or ISO 27001 Associate
  are a plus.

Job Location:

• Islamabad(Onsite)

Job Title:
 SOC Analyst

Location:
 Gulberg, Lahore (On-Site Role)

Experience:
2 to 3 Years

Responsibilities:

Tech Bridge Consultancy seeks experience in security monitoring solutions, incident response and other cybersecurity tools and technologies implementation capabilities. In your role, your duties will include the following:

• SOC monitoring coverage for any of the following shifts: 
  EST Time 8:00am – 4:00pm (PST 5:00pm – 1:00am), 4:00pm – 12:00am (PST 1:00am – 9:00am), 12:00am – 8:00am (PST 9:00am – 5:00pm)
  ; the work week is considered a minimum of 40 hours each week. Day to day security logging and monitoring solutions; identifying false positives and detecting potential or real threats
• In-depth analysis of security events, alerts and incidents
• Promptly responding to customer enquiries via emails and/or phone calls; responding to security incidents and threats
• Analyzing logs, network traffic and data to identify potential threats and vulnerabilities
• Development security dashboards and reporting; compile threat intelligence reports and manage log data
• Configuration of security tools and technologies (e.g. SIEM, EDR, VM, etc.)
• Configuration of network and security appliances (e.g. Firewalls, routers, switches, HIDS, NIDS, etc.)
• Endpoint security configuration (Defender, CrowdStrike, SentinelOne, Webroot, Kaspersky, etc.)
• Firewall rules configuration and optimization
• SIEM rules configuration (Sentinel, Splunk, LogRhythm, etc.)
• Technical writing and security policy development
• Staying current on industry trends, keeping up-to-date with relevant CVE's and the evolving threat landscape
• Conducting vulnerability scans of network and applications
• Keeping company systems up-to-date with current security patches
• Recommending security improvements to line managers or senior management

Requirements:

• Strong understanding of cybersecurity principles and the SOC environment
• Bachelor's degree in cyber security, computer sciences or equivalent
• Good understanding of vulnerability management tools and techniques
• Good understanding of Windows, Linux and macOS operating systems and endpoints
• Knowledge of modern problem-solving skills, and keen attention to detail
• Good understanding of the modern security in SDLC practices
• Capable of Balancing multiple priorities and remaining flexible in a changing environment
• Good communication and interpersonal skills
• Familiarity with regulatory compliance and security standards (ISO27001, SOC 2 TYPE 1 and TYPE 2, NERC CIP, IE 62443, NIST CSF, etc.)

Other duties may include:

· Contribute to the preparation of technical documentation, including proposals, tenders, RFPs (Requests for Proposals), and RFIs (Requests for Information)

· Participate in business development activities directly related to the sale of cybersecurity services and other tasks supporting the delivery of cybersecurity products and services

· Personnel are required to work on-site; remote or hybrid work options will not be available

· Personnel must strictly use company-provided computer assets, hardware, and licensed software to perform all assigned services

· Personnel must not work more than 12 consecutive hours per shift

· Personnel are required to adhere to internal cybersecurity and IT policies and standards

· Personnel are required to strictly uphold confidentiality and integrity clauses while dealing with all customer data