IT Security Analyst
Location
Romania
Posted
1 day ago
Salary
RON8.5K - RON10.5K / month
Seniority
Mid Level
Job Description
IT Security Analyst
Eurofins
Role Description As a key player in the Eurofins network, we oversee multiple European businesses in Clinical testing area. With a vast network spanning over 350 sites in Europe, we are committed to maintaining robust IT security measures in alignment with business requirements. - Approvals: Act as a gatekeeper for sensitive access and firewall rule approvals, ensuring compliance with security policies and business needs. - Reviews: Conduct regular reviews of access permissions, firewall configurations, and IT infrastructure settings (e.g., AD, Intune, Office 365, Azure) to ensure adherence to security best practices and expectations. - Architectural Review and Change Management: Review and approve all proposed changes to the IT infrastructure, ensuring changes do not compromise security integrity. - Testing: Conduct vulnerability scans at both regional and laboratory levels, overseeing remediation efforts. Collaborate with Group Security to facilitate penetration testing as required. - Incident Response: Assist in the investigation of security breaches and provide support for security intelligence reported by the Group Security Operations Center (SOC). - Advisory Role: Work closely with newly acquired laboratories to enhance their security posture, leveraging internal security standards and the expertise of a Senior Security Analyst. Evaluate the security of both in-house and externally developed applications, providing recommendations for security enhancements. - Reporting: Contribute to the development of operational security Key Performance Indicators (KPIs) and offer recommendations for improvement based on data analysis and industry best practices. - Vulnerability Management: Oversee the vulnerability management process for our entire infrastructure, ensuring timely identification, prioritization, and mitigation of vulnerabilities. Qualifications - Bachelor's degree in Computer Science, Information Security, or related field. - Minimum of 3-5 years of experience in information security roles, with a focus on vulnerability management, incident response, and security advisory. - Professional certifications such as ISO27001 (lead implementer or auditor) are preferred. - Other certifications such as CISSP, CEH, or CISM are a plus. - Strong knowledge of IT security principles, technologies, and best practices. - Experience with security tools and technologies (e.g., vulnerability scanning tools, SIEM solutions). - Excellent communication skills, with the ability to convey technical information to both technical and non-technical audiences. - Effective English speaking and writing is mandatory. - Additional spoken languages would be a plus, especially French or Spanish. - Strong analytical and problem-solving abilities, with a keen attention to detail. - Ability to work effectively in a fast-paced, dynamic environment with multiple stakeholders. Benefits - We support your development! - Do you feel you don’t match 100% of the requirements? Don’t hesitate to apply anyway! Eurofins companies are committed to supporting your career development. - We embrace diversity! - As an Equal Opportunity Employer, the Eurofins network of companies believes in strength and innovation through diversity. - Sustainability matters to us! - We are well on our way to achieving our objective of carbon neutrality by 2025, through a combination of emission reduction and compensation initiatives. Compensation RON 8500 - RON 10500 monthly
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
AI Security Analyst
AlphaSenseThe market intelligence and search platform trusted by over 3,500 leading organizations
• Monitor enterprise AI usage end to end • Hunt for unauthorized AI and rogue agent activity • Turn raw AI telemetry into triaged findings • Collaborate with Automation Engineers, Data Analysts, and Directors • Contribute to evidence base for ISO 42001 certification • Maintain and validate AI activity logging and data retention controls
AI Security Analyst
AlphaSense IndiaAlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination. In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.
Role Description We are building an AI Security and Governance capability and need an AI Security Analyst to be the front line for detecting, investigating, and containing risk across every AI tool, agent, and model touching AlphaSense's environment. You will monitor enterprise AI usage end to end, hunt for unauthorized ("shadow") AI and rogue agent activity, and turn raw AI telemetry into triaged findings the security and governance team can act on. Working alongside the Automation Engineer, Data Analyst, and Director, you will be a primary contributor to the evidence base underpinning our ISO 42001 certification and our broader AI risk posture. Key Responsibilities - AI Tool Discovery & Shadow AI Monitoring: Continuously monitor CASB/SWG, OAuth, and endpoint telemetry to discover unsanctioned AI tools, browser extensions, and API-level agents in use across the business. Classify findings by risk tier and escalate unauthorized deployments for containment. - Rogue Agent Detection & Investigation: Investigate alerts related to autonomous agents and AI-powered workflows (e.g., anomalous tool chains, unexpected data access, credential misuse) including threats such as OpenClaw and similar agent-based attack patterns. Document findings and drive remediation with the Automation Engineer and Identity teams. - AI Data Exfiltration Detection & DLP: Monitor DLP and AI usage logs for signs of sensitive data leaving the environment through AI tools (prompts, uploads, plugins, MCP connectors). Tune detection rules and validate that AI-specific DLP controls are operating as designed. - Developer AI Tool Governance: Monitor usage of developer-facing AI tools (GitHub Copilot, Claude Code, Codex, and similar) for policy compliance, credential exposure, and non-human identity risk. Partner with Engineering to ensure code-assist and agentic dev tools operate within approved guardrails. - AI Logging, Retention & Audit Support: Maintain and validate AI activity logging and data retention controls to ensure auditability. Assemble and organize evidence supporting ISO 42001 audits, EU AI Act readiness, and internal AI impact assessments. - Detection Tuning & Continuous Improvement: Analyze false positive/negative trends across AI security detections and recommend threshold and logic adjustments. Feed recurring patterns into the Automation Engineer's playbook backlog. - Cross-functional Collaboration: Partner with Security Operations, Identity, Legal, and AI/ML Engineering to align findings with existing incident response processes, and support the Director in preparing risk findings for governance council and executive reporting. Qualifications - 3-5+ years in security analysis, SOC, or GRC analyst roles - Working knowledge of SIEM platforms (Splunk, Microsoft Sentinel, Google Chronicle) and DLP/CASB tooling - Understanding of AI/LLM risk concepts: prompt injection, data exfiltration via AI tools, model/agent misuse, shadow AI - Familiarity with non-human identity concepts (service accounts, API keys, OAuth tokens) and their security challenges - Understanding of threat detection logic (MITRE ATT&CK exposure to MITRE ATLAS or OWASP LLM Top 10 a plus) - Comfortable reading and interpreting logs, API telemetry, and structured/unstructured investigation data - Basic scripting or query proficiency (Python, SQL, or SPL/KQL) for investigation and reporting - Strong written documentation habits - Ability to translate technical findings into clear, risk-based narratives - Familiarity with cloud environments (AWS, Azure, or GCP) Requirements - Exposure to AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act risk tiers) - Experience supporting audit evidence collection or control testing (SOC 2, ISO, or similar) - Familiarity with agentic AI frameworks (LangChain, AutoGen, CrewAI) and MCP-based tool-use architectures - Experience with browser extension monitoring or OAuth application audits - Exposure to ML-based anomaly detection or NLP-driven log analysis Certifications - Security+, CISSP (Associate), or AI-specific credentials Company Description AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination. In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.
Senior Information Security Analyst
CSC - Corporation Service CompanyCorporation Service Company (CSC), founded in 1899, is a global leader in business administration, compliance solutions, and digital brand services, operating i
Title: Senior Information Security Analyst Location: Wilmington United States Job Description: Senior Information Security Analyst Wilmington, DE Monday - Friday 8:00 am - 5:00 pm Remote The Information Technology Risk Oversight (ITRO) function, within CSC Legal, Risk & Compliance Global Shared Services, is seeking to expand its dynamic second-line IT risk oversight team with the addition of a Senior Information Security Analyst. This role is a key component of the broader Risk Management and Governance frameworks and will play a pivotal part in the continued maturation and embedding of the Enterprise Risk Management (ERM) framework. The position will focus on the oversight and management of current and emerging risks across Technology, Data, Cyber, and Artificial Intelligence (AI). The role is suited for an Information Security professional with proven second/third line oversight experience in Technology risk management and/or Technology audit in financial services. The successful candidate must have subject matter expertise in InfoSec and Cyber risk and the ability handle a variety of Tech/Cyber assurance projects across various domains. Some of the things you'll be doing: - Promote good risk management practices and governance across the organization in line with CSC Enterprise Risk management Framework (ERMF). This includes close cooperation with Enterprise Security and Business Unit technology teams. - Ensure enterprise risk management requirements are incorporated into enterprise and product governance forums and provide independent challenge to technology and business leaders on risk posture. - Provide risk advisory for new product launches, technology and AI adoptions and vendor integrations - Support and guide risk and control owners during initial control design of in-house and third party applications and emerging technologies including AI - Support and drive compliance with regulatory expectations. - Provide 1st line teams with the necessary tools (policy, standards, templates, advice and guidance) to embed a structured, consistent way of risk identification, evaluation, monitoring and reporting across Cyber Security, Technology, Data and AI risk taxonomies. - Participate and/or facilitate IT & cyber risk assessments and deep dives across key systems and applications including third party systems and SaaS solutions - Partner with Enterprise Security and BU Technology teams to ensure risks are properly recorded, tracked and remediated in CSC global GRC tool. - Participate and drive the development of risk action and mitigation plans including root cause analysis. - Promote and support the development of appropriate control frameworks to ensure Cyber security, Technology, Data and AI risks are managed responsibly - Driving firm-wide risk policy enhancements, consistent distribution of the policies, oversight of policy implementation and procedure/standard alignment - Ongoing assessment and recalibration of the global risk appetite across business units, shared services and locations across CSC - Targeted and thematic risk management deep dives. Undertake planned second line risk assessments, application control reviews and third party risk management. - Assist with Executive and Board level risk reporting on Information Security and Technology themes. - the What technical skills, experience and qualifications do you need? - Critical thinking, with a willingness to learn, grow, and challenge status quo. - Self-starter with proven track record on managing demands. - Minimum of 7 years' experience in Information Security and/or Technology Risk management within financial services ideally within regulated environments. - Relevant certification(s) e.g. CISSP, CISM, CRISC or CISA - Deep experience or equivalent experience in technology risk management, information security and cyber with a focus on risk identification, assessment and mitigation - Experience with industry frameworks such as COSO, COBIT, ISO27001, NIST and other including a solid understanding of the 3 lines of defense model. - Knowledge of Operational resilience regulations and guidelines including DORA - Hands-on experience in targeted and thematic risk management deep dives from planning, scheduling and execution with good written and communication skills to all levels of management. - Experience in using and implementing solutions with AI tools such as Claude Code / Github Copilot is an advantage. - Data management and governance experience ideal but not essential, however an interest to grow personally as the company mature. - Results orientated. A self-starter with a commitment to challenge the status quo and help drive the risk management agenda forward in partnership with colleagues across all lines of defense - Stakeholder management. The successful candidate will have excellent interpersonal skills and the ability to communicate well at all levels of the organization #CSC #CSCCareers #LI-HL1 CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business. Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other. CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued. CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers. We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging, CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC. We encourage candidates to apply directly to our website and not through third-party sources. Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications.
• Assess technical vulnerabilities and propose solutions to improve the security of our platform, working across our stack (Ruby, Go, and PHP) and developing security fixes in AWS/Lambda. • Quickly evaluate requests in the development queue to reduce the AppSec bottleneck and unblock Engineering deliveries. • Actively propose and implement fixes in code, going beyond merely reporting findings. • Conduct threat modeling and apply secure-by-design principles to product initiatives. • Create guardrails, tooling, and automations that make the secure path the default for Engineering teams. • Integrate and tune security tools in the CI/CD pipeline (SAST, SCA, and secret scanning), maintaining low noise and few false positives.


