Job Description

Position: Information Security Analyst

Location: Mumbai, India

About LRN:

LRN is the world's leading dedicated ethics and compliance SaaS company, helping more than 30 million people every year navigate complex regional and global regulatory environments and build ethical, responsible cultures. With over 3,000 clients across the US, EMEA, APAC, and Latin America--including some of the world's most respected and successful brands--we're proud to be the long-term partner trusted to reduce organizational risk and drive principled performance.


Named one of Inc Magazine's 5000 Fastest-Growing Companies, LRN is redefining how organizations turn values into action. Our state-of-the-art platform combines intuitive design, mobile accessibility, robust analytics, and industry benchmarking--enabling organizations to create, manage, deliver, and audit ethics and compliance programs with confidence. Backed by a unique blend of technology, education, and expert advisement, LRN helps companies turn their values into real-world behaviors and leadership practices that deliver lasting competitive advantage.

About the role:

The Security Analyst Associate is responsible for protecting organizational information by identifying and addressing security vulnerabilities across applications and networks. The role focuses on ensuring data confidentiality, integrity, and availability through regular security assessments and implementation of robust controls. Working collaboratively with development and infrastructure teams, the analyst helps maintain a strong and compliant security framework.

Requirements

What you'll do:

Handson expertise in web, mobile, API, and network vulnerability assessment and penetration testing, including SAST (Static) and DAST (Dynamic Application Security Testing).

Strong ability to

identify, exploit, and demonstrate vulnerabilities

through

proof-of-concepts (POCs)

. Proficiency with tools such as

Kali Linux, Nmap, Metasploit, Burp Suite

, etc. Working knowledge of

Java, JavaScript, Node.js, Python

, and

code-level security review

. Familiarity with

AWS Cloud Security

,

firewalls

,

IDS/IPS

, and

DLP

solutions. Understanding of

AI Security concepts

, including

ML model threats, prompt injection, data poisoning, and model hardening techniques

. Strong understating of

OWASP Top 10

,

Information Security principles

, and

risk management frameworks

. Experience

analyzing vulnerabilities

, driving

remediation efforts

, and collaborating with

development and infrastructure teams

. Exposure to

client due diligence processes

related to

product security and compliance

. Good knowledge of

ISO 27001

and

SOC 2

standards;

experience in supporting audits is preferred

.

CEH, OSCP

, or similar certification preferred.

Passionate, self-driven, and ethical hacker mindset

with a focus on continuous learning, innovation, and cybersecurity excellence

What we're looking for:

Bachelor's degree in

Computer Science, Information Technology, or related field

(or equivalent experience). 2-3 years of

hands-on experience

in

Application and Network Security

. Strong skills in

Web, Mobile, API, and Network Vulnerability Assessment & Penetration Testing (VAPT)

. Experience with

SAST

and

DAST

security testing tools. Proficiency in tools like

Kali Linux, Burp Suite, Nmap, Metasploit

, etc. Good understanding of

OWASP Top 10

and

information security best practices

. Understanding of

cloud security concepts

, preferably in

AWS environments

. Knowledge of

ISO 27001

,

SOC 2

, and other relevant

security standards and frameworks

.

Benefits

Excellent medical benefits, including family plan Paid Time Off (PTO) plus India public holidays Competitive salary Combined Onsite and Remote Work
LRN is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.