Job Title


Senior Risk Analyst


Company : nexocean


Location : Bengaluru, Karnataka


Created : 2025-07-26


Job Type : Full Time


Job Description

Position Summary

The Risk Analyst – Cyber & Application Security plays a vital role in cybersecurity and enterprise risk strategy. This role focuses on threat modeling, vulnerability assessments, and identifying risks across applications, systems, and digital platforms. You’ll work closely with cybersecurity engineers, application developers, and enterprise risk teams to ensure secure-by-design practices and resilience across digital assets.

Key Responsibilities

Cybersecurity Risk Management

- Identify and assess cybersecurity risks related to applications, infrastructure, APIs, and cloud environments.
- Maintain cyber risk registers and assist in aligning risks to the ERM framework (ISO 31000, NIST CSF).
- Contribute to internal cyber risk assessments and support audit preparedness activities.

Threat Modeling

- Perform structured threat modeling (e.g., STRIDE, DREAD, MITRE ATT&CK) on critical applications and services.
- Identify attack vectors, assess business impact, and define security requirements in early SDLC stages.
- Partner with DevSecOps and architecture teams to ensure security is integrated into system designs.

Application Security & Vulnerability Management

- Collaborate with AppSec teams to evaluate vulnerabilities identified via SAST, DAST, SCA, and penetration testing tools (e.g., Fortify, SonarQube, Veracode).
- Track remediation plans for application vulnerabilities and report on risk trends and residual exposure.
- Support secure coding practices and participate in security reviews during the product and software lifecycle.

Risk Analytics & Reporting

- Develop dashboards and reports that summarize key cyber and application risks, open vulnerabilities, and trends.
- Translate technical security issues into business-friendly language for stakeholder consumption.
- Maintain documentation of threat models, risk decisions, and control validations.

Cross-functional Collaboration

- Work with internal stakeholders including application owners, cybersecurity teams, infrastructure, and compliance.
- Support digital transformation initiatives (e.g., cloud migration, SaaS adoption) with risk advisory and security input.

Preferred Qualifications

- Bachelor's or Master's in Cybersecurity, Information Systems, Computer Science, or related field.
- 3–7 years of experience in cybersecurity, application security, or cyber risk analysis.
- Solid knowledge of secure software development lifecycle (SSDLC), OWASP Top 10, SAST/DAST/SCA practices.
- Familiar with frameworks: ISO 31000, NIST CSF, MITRE ATT&CK, STRIDE, OWASP SAMM.
- Hands-on experience with tools like Burp Suite, Fortify, Nessus, SonarQube, Veracode, or RiskLens.
- Proficient in Jira, Confluence, Power BI/Tableau for tracking and reporting risks.