166 Vulnerability Assessments jobs in Pakistan

Overview

Company Overview: Zones – First Choice for IT. Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Zones, a Minority Business Enterprise (MBE) with over 35 years in business, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, Zones partners with Microsoft, Apple, Cisco, Lenovo, Adobe, and more to build digital infrastructures that change how business operates.

As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework, tracking enterprise compliance across multiple security frameworks, assisting internal teams for internal and external assessments and audits, collaborating on IT projects to address security policy and risk issues, and developing key performance metrics to track and ensure compliance with policies and standards.

• Analyze management and technical controls to ensure specific security and compliance requirements are met.
• Map regulatory and security requirements across the information security framework.
• Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS; maintain up-to-date records of requirements and mitigating controls.
• Assist internal teams with readiness for internal/external assessments and audits against industry standards; review programs/documentation for conformance.
• Collaborate on critical IT projects to ensure security policy and risk issues are addressed throughout the project life cycle.
• Develop key performance metrics to track and ensure compliance with established policies and standards.

• 5-7 years of information security experience.
• Experience with ISO 27001, SOC 2, and PCI-DSS compliance.
• Strong communication skills (verbal and written).
• Ability to meet deadlines and work under pressure.
• Experience of working in US-based multinational organizations is a plus.
• Security certifications such as CISSP/CISA, ISO27001.
• Extensive experience auditing vendors/service providers/partners for security compliance.
• Experience working with Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate compliance requirements.
• Bachelor’s degree in Computer Science or Information Technology.

Zones offers a comprehensive Benefits package. At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer life insurance, optional health insurance, and retirement benefits in line with Company policy. Employees also enjoy additional perks such as the Voluntary Pension Scheme, EOBI, complimentary meals, and access to our in-house gym.

We take pride in being an equal opportunity employer and remain dedicated to maintaining a workplace free from discrimination of any kind. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

08:00 PM to 05:00 AM (Pk time)

Job Title: Cybersecurity Analyst

Location: Gulberg, Lahore (On-Site Role)

Experience: 3 to 5 Years

Responsibilities:

Tech Bridge Consultancy seeks experience in security monitoring solutions, incident response and other cybersecurity tools and technologies implementation capabilities. In your role, your duties will include the following:

• SOC monitoring coverage for any of the following shifts: EST Time 8:00am – 4:00pm (PST 5:00pm – 1:00am), 4:00pm – 12:00am (PST 1:00am – 9:00am), 12:00am – 8:00am (PST 9:00am – 5:00pm); the work week is considered a minimum of 40 hours each week. Day to day security logging and monitoring solutions; identifying false positives and detecting potential or real threats
• In-depth analysis of security events, alerts and incidents
• Promptly responding to customer enquiries via emails and/or phone calls; responding to security incidents and threats
• Analyzing logs, network traffic and data to identify potential threats and vulnerabilities
• Development security dashboards and reporting; compile threat intelligence reports and manage log data
• Configuration of security tools and technologies (e.g. SIEM, EDR, VM, etc.)
• Configuration of network and security appliances (e.g. Firewalls, routers, switches, HIDS, NIDS, etc.)
• Endpoint security configuration (Defender, CrowdStrike, SentinelOne, Webroot, Kaspersky, etc.)
• Firewall rules configuration and optimization
• SIEM rules configuration (Sentinel, Splunk, Log Rhythm, etc.)
• Technical writing and security policy development
• Staying current on industry trends, keeping up-to-date with relevant CVE's and the evolving threat landscape
• Conducting vulnerability scans of network and applications
• Keeping company systems up-to-date with current security patches
• Recommending security improvements to line managers or senior management

Requirements:

• Strong understanding of cybersecurity principles and the SOC environment
• Bachelor's degree in cyber security, computer sciences or equivalent
• Good understanding of vulnerability management tools and techniques
• Good understanding of Windows, Linux and macOS operating systems and endpoints
• Knowledge of modern problem-solving skills, and keen attention to detail
• Good understanding of the modern security in SDLC practices
• Capable of Balancing multiple priorities and remaining flexible in a changing environment
• Good communication and interpersonal skills
• Familiarity with regulatory compliance and security standards (ISO27001, SOC 2 TYPE 1 and TYPE 2, NERC CIP, IE 62443, NIST CSF, etc.)

Other duties may include:

· Contribute to the preparation of technical documentation, including proposals, tenders, RFPs (Requests for Proposals), and RFIs (Requests for Information)

· Participate in business development activities directly related to the sale of cybersecurity services and other tasks supporting the delivery of cybersecurity products and services

· Personnel are required to work on-site; remote or hybrid work options will not be available

· Personnel must strictly use company-provided computer assets, hardware, and licensed software to perform all assigned services

· Personnel must not work more than 12 consecutive hours per shift

· Personnel are required to adhere to internal cybersecurity and IT policies and standards

· Personnel are required to strictly uphold confidentiality and integrity clauses while dealing with all customer data

Job Type: Full-time

Application Question(s):

• Are you comfortable with an on-site role, as this position is not remote or hybrid?
• Have you worked with vulnerability management tools?
• Are you familiar with any security compliance standards like ISO 27001, SOC 2, or NIST?
• Are you comfortable working onsite in any of the following SOC shift timings?
• Do you have experience working in a SOC (Security Operations Center)?
• Do you have strong written and verbal communication skills in English?

Work Location: In person

We are hiring for a " Cybersecurity Analyst" having 3+ years of experience.

Job Description:

• Implement and maintainsecure coding standards to mitigate secure coding vulnerabilities.

• Analyze, detect and respond to cyber threats through real-time monitoring and proactive defense strategies.

• Conduct vulnerabilities assessments, penetration testing and risk evaluations to identify and mitigate security issues.

• Develop and implement cybersecurity policies and frameworks based on NIST, ISO 27001, and other industry standards.

Essential Technical Skills:

• Proficient in Cyber Threat Intelligence (CTI)

• Experience with penetration testing and ethical hacking methodologies.

• Familiarity with Cybersecurity frameworks _e.g, NIST,MITRE, ATT & CK).

• Knowledge of network security tools such as firewalls, IDSIPS and SIEM platforms.

• Programming knowledge (e.g,Python, ava, C++) for secure software development.

Education and Experience:

• Bachelors in IT

• 3+ Years of Experience

Are you passionate about cyber threat detection and response? We are seeking a Cybersecurity Analyst to monitor, analyze, and triage security alerts, ensuring a proactive defense against evolving threats in a Digital Retail Bank (DRB) environment. This role involves SIEM monitoring, incident handling, vulnerability management, and compliance enforcement to maintain the highest security standards. If you have experience in threat intelligence, log analysis, and security policy implementation, this is the perfect opportunity to contribute to a dynamic and cutting-edge cybersecurity team.

Responsibilities

• Threat Monitoring & Detection:
• • Monitor and analyze SIEM alerts to detect potential security incidents.
• Conduct log analysis from firewalls, servers, applications, and endpoint security tools.
• Develop and refine correlation rules and use cases to improve threat detection.
• Utilize threat intelligence sources to enhance anomaly detection and response.
• Incident Response:
• • Perform initial triage and incident handling to assess potential threats.
• Conduct root cause analysis to determine the impact and scope of security events.
• Maintain detailed incident documentation for compliance and reporting purposes.
• Vulnerability Management:
• • Perform vulnerability scanning and risk assessment to identify security gaps.
• Support penetration testing efforts and assist in remediation strategies.
• Develop and implement risk mitigation plans to reduce attack vectors.
• Security Policy & Compliance:
• • Ensure adherence to regulatory security frameworks (PCI DSS, ISO 27001, SBP regulations).
• Conduct security awareness training for internal teams.
• Monitor compliance with security policies and recommend necessary improvements.
• Research & Continuous Improvement:
• • Stay updated on emerging threats, attack techniques, and cybersecurity trends.
• Continuously optimize SIEM correlation rules and fine-tune detection mechanisms.
• Enhance security operations processes to improve efficiency.
• Collaboration & Third-Party Security:
• • Work closely with internal security teams and third-party service providers to correlate threat intelligence.
• Collaborate with IT and business units to enhance overall cyber resilience.

Requirements

• Bachelor's degree in Computer Science, IT, Cybersecurity, or a related field.
• 4-6 years of experience in infrastructure security, SIEM monitoring, or threat intelligence.
• Strong understanding of network protocols, firewalls, VPNs, IDS/IPS, and endpoint security.
• Proficiency in using SIEM solutions (QRadar, Splunk, ArcSight, Wazuh, etc.).
• Expertise in vulnerability assessment, threat modeling, and risk analysis.
• Hands-on experience with security tools (Metasploit, Burp Suite, Nessus, etc.).
• Experience in policy development, security guidelines, and compliance frameworks.
• Proficiency in scripting languages (Python, PowerShell, SPL, SQL) for security automation.
• Professional certifications such as CISSP, CEH, OSCP, or vendor-specific security credentials are a plus.

Objectives & KPIs

• Mean Time to Detect (MTTD): Average time taken to detect, analyze, and escalate security incidents.
• Incident Resolution Rate: Percentage of incidents resolved within predefined SLAs.
• Alert Accuracy: Ratio of false positives vs. true positives identified in SIEM alerts.
• SIEM Optimization: Percentage of correlation rules and use cases updated or improved.
• Root Cause Analysis (RCA) Completion: Percentage of incidents with a thorough RCA report.
• Rule Tuning Frequency: Regular enhancements to improve SIEM efficiency and reduce unnecessary alerts.
• Regulatory Compliance: Percentage of adherence to SBP regulations, PCI DSS, ISO 27001, and security standards.

We are seeking a highly skilled Information Security Analyst to join our growing team. In this role, you will play a crucial role in safeguarding our sensitive financial data and ensuring compliance with industry regulations. The ideal candidate will have a deep understanding of information security principles and best practices, with experience in the fintech or financial services sector. ensuring the protection of our digital assets from unauthorized access and breaches. Additionally, the analyst will be responsible for creating detailed security reports, updating incident response plans and educating employees on best security practices.

Key Responsibilities:

· Monitor and analyze security events and incidents to identify potential threats and vulnerabilities, with a focus on protecting sensitive financial data

· Conduct regular security assessments and audits to ensure compliance with regulatory requirements such as PCI DSS, ISO 27001 and

· Collaborate with cross-functional teams to implement security controls and measures to mitigate cyber risks and safeguard our systems and infrastructure

· Develop and update incident response plans to manage and mitigate the impact of security breaches efficiently.

· Ensure third-party vendors comply with security requirements and standards, mitigating external risks

· Conduct security awareness training and education programs for employees to promote a culture of security awareness.

· Assist with the implementation and management of security tools and technologies, such as firewalls, intrusion detection/prevention systems, and endpoint security solutions.

Desired Skills and Experience:

· In-depth knowledge of cybersecurity, firewalls, network security, information assurance, Linux, UNIX, security information and event management (SIEM), application security, security engineering, and security architecture.

· Proficiency in ethical hacking to expose vulnerabilities and protect against malicious attacks.

· Certifications such as CISSP, CISM, CSSP are a plus

· 3 years of experience in information security roles, with a focus on security analysis and incident response.

· Strong analytical skills for assessing and mitigating security risks.

· Extensive experience in conducting penetration tests on a variety of systems and applications to identify security vulnerabilities.

Interested candidates apply

Application Security Engineer / InfoSec Engineer - Onsite - Karachi

Company Overview:

Hiring for one of our Tech Solution providers in Karachi.

Job Description:

1. Develop and implement security strategies to safeguard our
   Cloud infrastructure,

on-prem systems, applications, and data.

1. Perform risk
   assessments, vulnerability scans, and penetration testing;
   provide

actionable insights to mitigate risks.

1. Collaborate with Product and Engineering teams to embed security best practices

into the software development lifecycle
(SDLC).

1. Manage and enhance our incident response plans, ensuring timely and effective

resolution of security incidents.

1. Lead initiatives to achieve and maintain compliance with industry standards and

regulations
(e.g., ISO 27001, PCI-DSS, SOC 2, GDPR).

1. Conduct security awareness trainings and workshops for Employees across the

organization.

1. Implement and manage
   SIEM tools, IDS/IPS, WAFs, Firewalls,
   and other security

technologies.

1. Monitor and analyze security alerts, logs, and data from both cloud and on-prem

environments to proactively address potential threats.

1. Work with stakeholders to prioritize and remediate vulnerabilities promptly.

2. Maintain and secure critical
   on-prem infrastructure
   , ensuring alignment with overall security policies and practices.

3. Stay updated on emerging threats, vulnerabilities, and technologies to improve our security posture continuously.

Qualifications

1. Experience:
   4+ years in InfoSec, Cyber Security, or Cloud Security roles

2. Education: Bachelors degree in Computer Science, Information Technology, or a

related field (or equivalent experience).

1. Certifications: Relevant certifications such as CISSP, CISM, CEH, AWS Security

Specialty, or Azure Security Engineer are highly desirable.

Technical Skills

1. Hands-on experience with Public Cloud platforms (AWS, Azure, or GCP) and on-

prem infrastructure.

1. Broad experience across different Operating Systems and environments (Cloud, on- prem, VMs, etc.).

2. Strong understanding of networks, network architecture, and networking concepts.

3. Hands-on practitioner proficient in security tools such as SIEMs, IDS/IPS, WAFs,

Network Firewalls, vulnerability scanners, and endpoint protection.

1. Strong understanding of network security, cryptography, and application security.

2. Practical knowledge of and experience with ISO/IEC 27001, OWASP, NIST, CIS, and

PCI-DSS standards and frameworks.

1. Experience with DevSecOps practices and CI/CD pipelines.

2. Knowledge of on-prem server security, network configurations, and physical access

controls.

1. Bonus points for being hands-on with Python and shell scripting.

Other Details:

Experience:
4+ years in InfoSec - Cyber sec

Location: Shahre Faisal

Salary: Market Competitive

Timings: Monday to Friday

About HR Ways:
HR Ways is an Award winning Technical Recruitment Firm helping software houses and IT Product companies internationally and locally to find IT Talent. HR Ways is engaged by 300+ Employers worldwide ranging from worlds biggest SaaS Companies to most competitive Startups. We have entities in Dubai, Canada, US, UK, Pakistan, India, Saudi Arabia, Portugal, Brazil and other parts of the world.

Company Description

Stafflink is the all-in-one platform designed to simplify global team management. From onboarding and culture to local payroll and compliance, we handle every aspect, allowing you to focus on growth. Our powerful HR and payroll tools, combined with global mobility services and deep compliance expertise, drive businesses to scale quicker and smarter. Additionally, our talent marketplace connects you with top professionals worldwide, ready to join your team. Hire, manage, and pay your team anywhere effortlessly.

Role Description

This is a full-time remote role for a Cyber Security Analyst. The Cyber Security Analyst will be responsible for monitoring and analyzing system vulnerabilities, performing malware analysis, and ensuring application and network security. Daily tasks will also include conducting security assessments, implementing security measures, and responding to security threats. Additionally, the analyst will be expected to stay up-to-date with the latest cybersecurity trends and technologies.

Qualifications

• Application Security and Network Security skills
• Experience in Cybersecurity and Malware Analysis
• Strong Analytical Skills
• Excellent problem-solving and critical-thinking abilities
• Effective communication and collaboration skills
• Ability to work independently in a remote environment
• Relevant certifications such as CISSP, CEH, or equivalent are a plus
• Bachelor's degree in Computer Science, Information Security, or related field