IT Security Analyst - Secrets & Credential ManagementHCLTech • Poland, Ohio, United States
IT Security Analyst - Secrets & Credential Management
HCLTech
- Poland, Ohio, United States
- Poland, Ohio, United States
Über
Detailed Responsibilities
Conduct comprehensive analyses of current secret and credential management practices across applications, infrastructure, platforms, and operations.
Identify, classify, and document technical and workforce secrets, detailing ownership, usage, storage location, criticality, lifecycle stage, access model, and associated risks.
Assess control weaknesses such as unmanaged SSH keys, hardcoded credentials, shared accounts, undocumented secret usage, insufficient rotation, and weak auditability.
Define and document functional and non‑functional requirements for centralized secrets management capabilities.
Support the design of compliant lifecycle processes for creation, storage, access, usage, rotation, revocation, emergency access, and decommissioning of secrets.
Analyze dependencies across systems, applications, service accounts, technical users, and operational teams to facilitate onboarding and migration planning.
Prepare security analysis deliverables including gap assessments, process documentation, risk assessments, control requirements, and remediation recommendations.
Facilitate and document workshops with technical, operational, and business stakeholders to gather requirements, validate findings, and resolve ambiguities.
Contribute to tool evaluation by translating operational and security needs into assessment criteria and use cases.
Validate proposed solution approaches against defined security, compliance, and operational expectations.
Support reporting and governance activities by maintaining traceability of findings, risks, requirements, remediation items, and implementation dependencies.
Ensure analysis outputs are audit‑ready, internally consistent, and suitable for decision‑making at project and stakeholder governance levels.
Skill Requirements
Minimum of 5 years’ experience in IT security analysis, security requirements engineering, control assessment, or security governance in complex enterprise environments.
At least 2 years’ experience in IAM (Identity & Access Management) projects.
Proven knowledge of secrets and credential types (passwords, SSH keys, API keys, tokens, certificates, service accounts, privileged credentials).
Experience in analyzing IT processes, identifying control gaps, and translating findings into actionable security requirements.
Strong understanding of IAM, PAM (Privileged Access Management), least privilege, segregation of duties, auditability, and secure access governance.
Ability to work effectively across technical and non‑technical stakeholder groups, driving structured analysis in ambiguous environments.
Excellent documentation, workshop facilitation, and communication skills in English.
Experience working in regulated, global, or highly controlled environments.
Other Requirements (Optional)
Experience with CyberArk, HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, GCP Secret Manager, or similar platforms.
Familiarity with ISO 27001, NIST, CIS Controls, or enterprise security governance frameworks.
Experience with transformation or migration projects involving credential centralization and legacy cleanup.
Relevant security certifications (e.g., CISSP, CISM, CEH).
Life insurance
Private medical care
MultiSport Card
Subsidy for glasses
Subsidy to language courses
Christmas and holiday bonuses
Clear career path in a growing multinational organization
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.