Information Security Analyst

Position: Information Security Analyst

Location: Mumbai, India

About LRN:

LRN is the world’s leading dedicated ethics and compliance SaaS company, helping more than 30 million people every year navigate complex regional and global regulatory environments and build ethical, responsible cultures. With over 3,000 clients across the US, EMEA, APAC, and Latin America—including some of the world’s most respected and successful brands—we’re proud to be the long-term partner trusted to reduce organizational risk and drive principled performance.

Named one of Inc Magazine’s 5000 Fastest-Growing Companies, LRN is redefining how organizations turn values into action. Our state-of-the-art platform combines intuitive design, mobile accessibility, robust analytics, and industry benchmarking—enabling organizations to create, manage, deliver, and audit ethics and compliance programs with confidence. Backed by a unique blend of technology, education, and expert advisement, LRN helps companies turn their values into real-world behaviors and leadership practices that deliver lasting competitive advantage.

About the role:

The Security Analyst Associate is responsible for protecting organizational information by identifying and addressing security vulnerabilities across applications and networks. The role focuses on ensuring data confidentiality, integrity, and availability through regular security assessments and implementation of robust controls. Working collaboratively with development and infrastructure teams, the analyst helps maintain a strong and compliant security framework.

Requirements

What you'll do:

• Handson expertise in web, mobile, API, and network vulnerability assessment and penetration testing, including SAST (Static) and DAST (Dynamic Application Security Testing).
• Strong ability to identify, exploit, and demonstrate vulnerabilities through proof-of-concepts (POCs).
• Proficiency with tools such as Kali Linux, Nmap, Metasploit, Burp Suite, etc.
• Working knowledge of Java, JavaScript, Node.js, Python, and code-level security review.
• Familiarity with AWS Cloud Security, firewalls, IDS/IPS, and DLP solutions.
• Understanding of AI Security concepts, including ML model threats, prompt injection, data poisoning, and model hardening techniques.
• Strong understating of OWASP Top 10, Information Security principles, and risk management frameworks.
• Experience analyzing vulnerabilities, driving remediation efforts, and collaborating with development and infrastructure teams.
• Exposure to client due diligence processes related to product security and compliance.
• Good knowledge of ISO 27001 and SOC 2 standards; experience in supporting audits is preferred.
• CEH, OSCP, or similar certification preferred.
• Passionate, self-driven, and ethical hacker mindset with a focus on continuous learning, innovation, and cybersecurity excellence

What we're looking for:

• Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience).
• 2–3 years of hands-on experience in Application and Network Security.
• Strong skills in Web, Mobile, API, and Network Vulnerability Assessment & Penetration Testing (VAPT).
• Experience with SAST and DAST security testing tools.
• Proficiency in tools like Kali Linux, Burp Suite, Nmap, Metasploit, etc.
• Good understanding of OWASP Top 10 and information security best practices.
• Understanding of cloud security concepts, preferably in AWS environments.
• Knowledge of ISO 27001, SOC 2, and other relevant security standards and frameworks.

Benefits

• Excellent medical benefits, including family plan
• Paid Time Off (PTO) plus India public holidays 
• Competitive salary
• Combined Onsite and Remote Work

LRN is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.