29 Security Analysts jobs in Pakistan

Hiring: Vulnerability Assessment Consultant (Automation & AI Focus)

We're looking for a Vulnerability Assessment Analyst experienced with Tenable Nessus to help strengthen our enterprise security posture. The ideal candidate will not only identify and assess vulnerabilities but also leverage automation and AI-driven insights to enhance detection, streamline analysis, and accelerate remediation.

Key Responsibilities:

Conduct vulnerability assessments across networks, servers, applications, and cloud environments using Nessus.

Configure and optimize scan policies, templates, and credentials. Automate scanning, reporting, and remediation workflows through Python, Bash, or PowerShell scripting.

Use AI-assisted tools to improve accuracy, reduce false positives, and predict potential exploit patterns.

Collaborate with IT and Security teams to validate findings and ensure timely remediation.

Stay updated on emerging CVEs, threats, and advancements in AI-driven vulnerability management.

Align assessments with ISO 27001, NIST, and CIS benchmarks.

What We're Looking For:

Proven experience with Tenable Nessus Professional.

Strong understanding of network protocols, OS (Windows/Linux), and web technologies.

Familiarity with vulnerability management frameworks and CVSS scoring.

Hands-on scripting experience for automation.

Excellent communication, collaboration, and problem-solving skills.

Bachelor's degree in Cybersecurity, IT, or related field.

Certifications such as Security+, CEH, or Tenable Certified are a plus.

Soft Skills:

We value professionals who are curious, analytical, and collaborative; able to communicate technical issues in clear, actionable language and adapt quickly to emerging security challenges.

Interested candidates can share their CVs at ( and ) with the subject line "Vulnerability Assessment Consultant – (Your Name)".

We are seeking a highly skilled Information Security Analyst to join our growing team. In this role, you will play a crucial role in safeguarding our sensitive financial data and ensuring compliance with industry regulations. The ideal candidate will have a deep understanding of information security principles and best practices, with experience in the fintech or financial services sector. ensuring the protection of our digital assets from unauthorized access and breaches. Additionally, the analyst will be responsible for creating detailed security reports, updating incident response plans and educating employees on best security practices.

Key Responsibilities:

· Monitor and analyze security events and incidents to identify potential threats and vulnerabilities, with a focus on protecting sensitive financial data

· Conduct regular security assessments and audits to ensure compliance with regulatory requirements such as PCI DSS, ISO 27001 and

· Collaborate with cross-functional teams to implement security controls and measures to mitigate cyber risks and safeguard our systems and infrastructure

· Develop and update incident response plans to manage and mitigate the impact of security breaches efficiently.

· Ensure third-party vendors comply with security requirements and standards, mitigating external risks

· Conduct security awareness training and education programs for employees to promote a culture of security awareness.

· Assist with the implementation and management of security tools and technologies, such as firewalls, intrusion detection/prevention systems, and endpoint security solutions.

Desired Skills and Experience:

· In-depth knowledge of cybersecurity, firewalls, network security, information assurance, Linux, UNIX, security information and event management (SIEM), application security, security engineering, and security architecture.

· Proficiency in ethical hacking to expose vulnerabilities and protect against malicious attacks.

· Certifications such as CISSP, CISM, CSSP are a plus

· 3 years of experience in information security roles, with a focus on security analysis and incident response.

· Strong analytical skills for assessing and mitigating security risks.

· Extensive experience in conducting penetration tests on a variety of systems and applications to identify security vulnerabilities.

Interested candidates apply

Description
Company Overview:

When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there's really only one: Zones – First Choice for IT.TM

Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter @Zones, and LinkedIn and Facebook.

Position Overview
As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework and tracking enterprise compliance across multiple security frameworks. You will also assist internal teams in preparing for internal and external assessments and audits, collaborate on critical IT projects to address security policy and risk issues, and develop key performance metrics to track and ensure compliance with policies and standards.

What you'll do as the Information Security Analyst – Compliance & Risk Management:

Employees employed in the role of Information Security Analyst – Compliance & Risk Management shall be required to apply their independent minds and demonstrate intellectual abilities in their decision-making.

The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Analyze management and technical controls to ensure specific security and compliance requirements are met.
• Map regulatory/security requirements across the information security framework.
• Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS, maintaining up-to-date records of requirements and corresponding mitigating controls.
• Help internal teams with readiness for internal/external assessments/audits against industry standards and review programs/documentation for conformance.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Develop key performance metrics to track and ensure compliance with established policies and standards.

What You Will Bring To The Team

• 5-7 years of information security experience.
• Experience with ISO 27001, SOC 2, and PCI-DSS compliance.
• Strong communication skills (verbal and written).
• Ability to meet deadlines and work under pressure.
• Experience of working in US-based multinational organizations is a plus.
• Security certifications such as CISSP/CISA, ISO27001.
• Extensive experience with auditing vendors/service providers/partners for compliance with security.
• Experience of working extensively with the Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate the compliance requirements
• Bachelor's degree in Computer Science or Information Technology.

Zones offers a comprehensive Benefits package

At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer life insurance, optional health insurance, and retirement benefits in line with Company policy. Employees also enjoy additional perks such as the Voluntary Pension Scheme, EOBI, complimentary meals, and access to our in-house gym.

We take pride in being an equal opportunity employer and remain dedicated to maintaining a workplace free from discrimination of any kind. If you are passionate about driving innovation in IT, sales, engineering, or operations, Zones provides a dynamic and collaborative environment to help you grow your career.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

Job timings: 08:00 PM to 05:00 AM (Pk time)

Responsible for designing and implementing enterprise-wide security architectures to protect organizational information systems. Ensures robust security frameworks, compliance with industry standards, and proactive threat mitigation. Collaborates with IT, risk, and business teams to evaluate security risks, integrate advanced security solutions, and optimize defenses. Develops policies, procedures, and technical controls to safeguard data, systems, and networks, while continuously monitoring emerging threats and evolving security technologies to maintain a resilient security posture.

• Design, implement, and maintain enterprise security architecture strategies effectively.
• Evaluate system vulnerabilities and recommend mitigation strategies proactively.
• Collaborate with IT teams to integrate security solutions seamlessly.
• Ensure compliance with regulatory and industry security standards consistently.
• Conduct risk assessments and provide recommendations for security improvements.
• Develop security policies, standards, and guidelines for organization.
• Monitor emerging threats and recommend advanced protective measures regularly.
• Provide guidance on secure system designs and architecture reviews.

• Expertise in network, application, and cloud security architecture principles.
• Strong knowledge of security frameworks, standards, and regulatory requirements.
• Proficiency in threat modeling, risk assessment, and mitigation techniques.
• Experience with security tools, monitoring, and incident response processes.
• Excellent analytical, problem-solving, and communication skills for collaboration.
• Ability to design and implement scalable, resilient security architectures.

Note: Salary is disbursed in the local currency of the country of employment.

• Date Posted

August 20, 2025
- Location

Hyderabad
- Offered Salary:

¤ ¤
- Expiration date

June 2, 2026
- Experience

5 Year
- Gender

Both
- Qualification

Bachelor Degree
- Career Level

Others

We're looking for an experienced Information Security Manager to lead our security operations, compliance and governance while building a culture of cyber resilience across the organization.

Requirements:

8+ years in information security (4 years in leadership role).

Strong knowledge of security frameworks (ISO 27001, NIST).

Hands-on with SOC, SIEM, vulnerability management & DevSecOps.

Overall security compliance & GRC expertise.

Certifications like CISSP, CISM, or CISA a big plus.

Are you passionate about cybersecurity and looking to make a real impact in the fast-evolving world of digital banking? We're seeking a dynamic Information Security Administrator to take charge of securing our cutting-edge Digital Retail Bank (DRB) infrastructure. This role is perfect for someone who thrives on deploying state-of-the-art security solutions, managing SIEM integrations, and ensuring compliance with industry-leading frameworks. If you're ready to lead security initiatives, protect critical assets, and shape the future of secure digital banking, this is your opportunity

Requirements
Security Infrastructure & Implementation:

• Design, deploy, and optimize security solutions to safeguard digital banking platforms
• Strengthen network and system security through proactive hardening techniques
• Implement cutting-edge cloud security strategies across AWS, Azure, and Google Cloud
• Ensure compliance with top cybersecurity regulations and frameworks.

Operations & Administration:

• Oversee system security, endpoint protection, and real-time threat detection
• Manage user access control, identity verification, and multi-factor authentication
• Support incident response efforts, conduct forensic investigations, and mitigate risks
• Develop and enforce security policies, procedures, and best practices.

Technical Expertise & SIEM Management:

• Configure and maintain firewalls, IDS/IPS, VPNs, and endpoint security tools
• Deploy and integrate SIEM solutions (QRadar, Splunk, ArcSight, Wazuh, etc.) for real-time monitoring
• Oversee log and event management to detect and neutralize security threats
• Implement automation to streamline security operations and incident response.

Threat Prevention & Awareness:

• Conduct risk assessments and proactively manage vulnerabilities before they become threats
• Stay ahead of emerging cyber threats and implement cutting-edge defenses
• Drive company-wide cybersecurity awareness through training and education initiatives
• Collaborate with IT, compliance, and business teams to strengthen security posture.

Qualifications

• Bachelor's degree in Computer Science, IT, Cybersecurity, or a related field
• 4-6 years of experience in infrastructure security, cybersecurity operations, or cloud security
• Strong expertise in network protocols, firewalls, VPNs, IDS/IPS, and endpoint security
• Hands-on experience with SIEM solutions (QRadar, Splunk, ArcSight, Wazuh, etc.)
• Proficiency in cloud security (AWS, Azure, Google Cloud) and securing virtual environments
• Strong skills in writing and enforcing security policies and guidelines
• Professional certifications like CISSP, CEH, OSCP, or vendor-specific security credentials are a plus
• Scripting and automation skills (Python, PowerShell, SPL, SQL) to enhance security operations

Are you an experienced cybersecurity professional eager to take on a key role in securing Digital Retail Banking (DRB) operations? We are looking for a Cybersecurity Specialist to lead the implementation and monitoring of SIEM/SOC solutions, conduct security testing, and manage security tools such as antivirus, endpoint protection, and data leak prevention. This role ensures compliance with security frameworks and enforces cybersecurity policies to protect critical banking infrastructure. If you have a passion for threat management, vulnerability assessments, and security architecture, this is your chance to make a real impact

Threat & Incident Management:

• Identify, assess, and mitigate cybersecurity threats across digital banking platforms.
• Support incident response by analyzing security events and escalating issues.
• Manage access control policies to prevent unauthorized access to sensitive data.

Security Tools Management:

• Deploy, configure, and manage SIEM/SOC solutions (QRadar, Splunk, ArcSight, Wazuh, etc.).
• Maintain and optimize antivirus, endpoint protection, and data leak prevention tools.
• Continuously evaluate security tools to enhance detection and response capabilities.

Technical Security Implementation:

• Design and implement network security controls (firewalls, IDS/IPS, VPNs).
• Conduct vulnerability assessments and penetration tests on networks, applications, and systems.
• Implement patch management strategies to address security gaps.

Security Architecture & Compliance:

• Ensure compliance with MITRE ATT&CK, NIST, PCI-DSS, ISO 27001, and regulatory standards.
• Monitor security event logs and analyze anomalies for proactive threat detection.
• Work with cross-functional teams to integrate security best practices across cloud and on-prem environments.

Research & Development:

• Track emerging cyber threats and enhance detection techniques.
• Conduct threat intelligence analysis and proactively implement risk mitigation measures.
• Lead cybersecurity awareness initiatives and train internal teams on security protocols.

Documentation & Reporting:

• Maintain system documentation, incident response playbooks, and escalation procedures.
• Generate security reports and dashboards for continuous security posture improvement.

Requirements

• Bachelor's degree in Computer Science, IT, Cybersecurity, or a related field.
• 7-9 years of experience in infrastructure security, cybersecurity operations, or penetration testing.
• Expertise in SIEM implementation & security monitoring using QRadar, Splunk, ArcSight, Wazuh, or similar platforms.
• Strong knowledge of network security protocols, firewalls, IDS/IPS, VPNs, and endpoint security.
• Hands-on experience with security testing tools (Metasploit, Burp Suite, Nessus, etc.).
• Proficiency in scripting and automation (Python, PowerShell, Bash) to improve security controls.
• Experience with cloud security best practices (AWS, Azure, Google Cloud) and securing virtual environments.
• Familiarity with forensic investigation techniques, malware analysis, and threat intelligence.
• Professional certifications such as CISSP, CEH, OSCP, or vendor-specific security credentials are a plus.

Department:
Information Security

Reports To:
Chief Executive Officer

Job Grade:
SVP

Total Position
: 01

Location:
Head Office, Islamabad

What is Head Information Security – MMBL?

The
Head Information Security at Mobilink Microfinance Bank Ltd. (MMBL)
is a senior leadership position responsible for developing and overseeing the bank's cybersecurity and information security strategies. This role involves ensuring that all digital assets, customer data, and internal systems are protected against cyber threats by implementing robust policies, frameworks, and incident response plans in line with international best practices and regulatory requirements.

The Head Information Security works closely with senior management and regulatory bodies to monitor risks, respond to emerging threats, and cultivate a strong security culture within the organization. Additionally, the role requires strategic thinking, technical expertise, and effective communication skills to influence decision-making at the highest levels and to align security efforts with the bank's overall goals.

What Head Information Security – MMBL Does?

• Provide vision, leadership, and strategic direction for Information Security to safeguard MMBL's information assets.
• Develop and maintain information security policies and procedures aligned with best industry practices.
• Implement a comprehensive Information Security Framework to protect bank systems and data from threats.
• Prepare and maintain a Cyber Security Action Plan to anticipate, withstand, detect, and respond to cyber-attacks in line with international standards.
• Implement a robust Incident Reporting Mechanism to report security incidents to senior management, Board of Directors (BoD), and regulators as required.
• Periodically prepare and present updates, reports, and statistics to the Board Risk Management & Compliance Committee (RCC) on cybersecurity developments and implementation status.
• Manage an effective Information Security Risk Management process: Identify, measure, monitor, and control risks. Prioritize material information security risks.
• Assess risks related to technology outsourcing and procurement.
• Evaluate information security risks in new and significantly changed applications or software systems.
• Monitor technological developments and remain up-to-date on emerging cyber risk management practices.
• Identify and prioritize critical information system assets.
• Conduct periodic risk-based vulnerability assessments and impact analysis.
• Ensure implementation of security controls and corrective actions to address identified vulnerabilities.
• Establish a testing program to validate the effectiveness of controls and the overall security environment regularly.
• Oversee the investigation of information security incidents.
• Gather and analyze internal and external threat intelligence to strengthen security posture.
• Collaborate with industry peers to share experiences and enhance MMBL's resilience and preventive capabilities.
• Promote security awareness among employees and encourage adherence to best practices.
• Perform any other tasks assigned by immediate supervisors, senior management, or the board.

What are we looking for and what does it require to be Head Information Security - MMBL?

• Education: Bachelor's or Master's degree in Computer Science, Information Security, or related field. Relevant certifications such as CISSP, CISM, CISA, CEH preferred.
  • Experience: Minimum 10 years in Information Security within the banking or financial services sector.
  • Technical Expertise: In-depth understanding of information security frameworks (e.g., ISO 27001, NIST). Experience in cyber risk management, threat intelligence, and incident response. Knowledge of security technologies, vulnerabilities assessment tools, and mitigation techniques.
• Strategic & Operational Skills: Proven ability to develop and implement security policies, procedures, and cyber action plans. Strong capability in risk assessment for systems, applications, and third-party engagements. Experience in presenting to senior management and board committees.
• Leadership & Communication: Strong leadership and team management skills. Excellent written and verbal communication, especially in reporting to executive leadership. Ability to lead security awareness and training programs.
• Compliance & Governance: Familiarity with regulatory requirements and standards applicable to financial institutions. Experience in reporting and liaising with regulators and external stakeholders.

About MMBL:

Mobilink Microfinance Bank Ltd. is providing banking services to over 48 million registered users including 20+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 114 branches and 270,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan instalments), mobile wallets, insurance, G2P, B2B & B2P payments; thus, playing a leading role in the promotion of financial inclusion. MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.

Why Join MMBL?

This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavour.

COMPANY OVERVIEW :

Our client, a Karachi-based, State Bank of Pakistan (SBP) regulated Electronic Money Institution (EMI), seeks to appoint an experienced professional for the following role:

As Manager Information Security, you will be responsible for establishing and enforcing security protocols that safeguard companys information systems, digital assets, and customer data.

Key Areas of Responsibilities

• Develop & Implement Information Security Strategy Design and execute a comprehensive information security roadmap aligned with companys digital infrastructure, business model, and regulatory obligations.
• Cybersecurity Risk Management Identify, assess, and mitigate cybersecurity risks across infrastructure, applications, APIs, mobile platforms, and third-party integrations.
• Regulatory Compliance & SBP Alignment Ensure full compliance with SBP guidelines and international security frameworks (e.g., ISO 27001, NIST), and act as the point of contact for regulator-driven security reviews.
• Security Architecture & Operations Oversee the design, configuration, and monitoring of security systems including firewalls, endpoint protection, SIEM, encryption, and identity/access management tools.
• Incident Response & Threat Management Develop and lead the incident response process, including detection, containment, investigation, recovery, and post-mortem reporting.
• Security Audits & Penetration Testing Coordinate regular internal and third-party audits, vulnerability assessments, and penetration testing to ensure system hardening.
• Employee Awareness & Policy Enforcement Establish security awareness programs, train internal staff, and enforce information security policies across all departments.
• Collaboration with Internal Audit & IT Work closely with Internal Audit, Technology, and Compliance teams to ensure consistent enforcement of risk controls and secure infrastructure design.

Education

• Minimum 16 years of education, preferably, Masters from a renowned and HEC recognized university or institution/equivalent foreign degree holder institution, in any/or combination of the disciplines
• Professional certifications such as CISSP , CISM , CEH , or ISO 27001 Lead Implementer/Auditor are highly desirable

Experience

• Information Security Expertise Minimum 5 years of relevant experience in information security or cybersecurity roles, preferably within fintech, digital banking, or regulated financial institutions
• Regulatory & Standards Knowledge Strong understanding of SBP cybersecurity guidelines, ISO 27001, NIST, and relevant global information security frameworks
• Incident Management & Threat Response Demonstrated experience in handling security incidents, vulnerability assessments, and threat intelligence operations
• Security Operations & Architecture Hands-on experience with firewalls, IDS/IPS, antivirus, endpoint protection, IAM, encryption, and secure network architecture

Age

• The candidate should be preferably not more than 40 years of age as of last date of submission of application.
  

If you have the required experience and educational qualification to take up the challenging role, you are requested to apply by October 24 , 2025 at

Only shortlisted candidates will be contacted.