05 Apr | Confidential Startup SaaS | New Delhi
Apply on Kit Job: kitjob.in/job/46a5ks
We are looking for a hands-on Security Analyst who takes complete ownership of our security posture — across every device, every server, every application, and every user in our workplace.

This is not a monitoring-only role. You will actively assess, identify weaknesses, and prescribe and implement the specific steps needed to fix them. You will be the person who detects threats before they become incidents — including threats that come from inside the organization. You will own endpoint security for our Apple device fleet, harden and audit our cloud and on-premise servers, evaluate our SaaS and internal applications for vulnerabilities, and build the processes that keep us secure as we scale.

If you have done this work hands-on — not supervised it, not theorized about it, but actually built and secured real systems — this role is for you.

We are not looking for someone who generates reports and waits for engineers to action them.

What You’ll Be Responsible For

Endpoint Security
— Own Apple/macOS device security end-to-end: MDM enrollment, hardening baselines, patch compliance, and EDR-driven threat response

Server & Infrastructure Security
— Conduct regular assessments of AWS and on-premise servers; produce prioritized remediation plans with specific steps for every finding

Application Security
— Review internal and SaaS applications for weaknesses; deliver written hardening recommendations and track them to closure with engineering

Insider Threat Detection
— Design and operate behavioral monitoring, access pattern analysis, and anomaly detection; investigate flagged activity and escalate with evidence

Access & Identity Management
— Enforce least-privilege across all users and systems; conduct regular access reviews and remediate orphaned or over-privileged accounts

Security Operations
— Own SIEM, EDR, and vulnerability scanning workflows; lead incident response end-to-end from detection through post-incident documentation

Governance & Compliance
— Maintain security policies, run employee training, and keep the organization audit-ready for SOC 2, ISO 27001, or equivalent

Required Qualifications
- Bachelor’s degree from an accredited college or university
- Minimum 5 years of hands-on experience in a security engineering or equivalent role
- CySA+ or CISSP certification — CISSP strongly preferred
- Demonstrated, provable experience securing Apple/macOS environments (MDM, endpoint hardening, fleet management)
- Demonstrated experience assessing server security, documenting findings, and delivering step-by-step remediation plans
- Demonstrated experience reviewing applications for security weaknesses and producing actionable hardening recommendations
- Experience designing or operating insider threat detection programs — behavioral monitoring, access auditing, anomaly detection
- Strong working knowledge of SIEM, EDR, vulnerability scanners, and access management tools
- Experience with IAM — SSO, MFA, RBAC, and least-privilege enforcement
- Fluent spoken and written English
- High ownership mindset — you find vulnerabilities before they find you

Strongly Preferred
- Hands-on experience with MDM platforms for Apple device management
- Experience securing AWS environments — IAM policies, security groups, CloudTrail, GuardDuty, and Config
- Familiarity with DLP (Data Loss Prevention) tools for insider threat and data exfiltration detection
- Experience conducting application security assessments or penetration testing
- Familiarity with SOC 2 Type II or ISO 27001 compliance frameworks
- Scripting ability (Python or Bash) for security automation and tooling
- Experience in a product-based SaaS or AI company

What We Mean by “Full Security Ownership”
We are looking for someone who:
- Has personally configured, hardened, and audited the systems they are responsible for — not delegated it
- Can demonstrate exactly what they secured, how they secured it, and what changed as a result
- Does not just flag problems — they show up with the problem, the root cause, and the recommended fix
- Thinks like an attacker when reviewing systems and applications
- Treats every orphaned account, unpatched server, and weak application config as a personal responsibility
- Understands that insider threats are as dangerous as external ones — and builds monitoring accordingly

What Success Looks Like
- Every employee device is enrolled, hardened, and compliant with a documented security baseline
- Server assessments are conducted on schedule — findings are documented with clear remediation steps and tracked to closure
- Every application in use has been reviewed; known weaknesses have a documented remediation plan with ownership and timelines
- Insider threat monitoring is active — anomalies are flagged, investigated, and escalated appropriately
- No orphaned accounts, no over-privileged roles, no unreviewed third-party access
- The company can pass a security audit with conf
📌 Security Analyst (New Delhi)