Security Operations Center Analyst at Korapay

About The Role

• As a Security Operations Center Analyst at Kora, you will join a team of security architects and engineers responsible for defining and executing the security strategy of our products.
• The Security Operations Center Analyst will be responsible for SOC operations at Kora. This involves but is not limited to the creation, operation, and continuous improvement of security logging, monitoring, and alerting capabilities.
• This is a technical role, and it requires that you are conversant with incident handling, security automation, system security and incident response. You will be responsible for monitoring the security landscape of the organization and coming up with efficient solutions for finding known and unknown threats and understanding new adversary TTPs (Tactics, Techniques and Procedures).
• You will work closely with other members of the Information Security team in building and maturing effective security logging, monitoring and alerting & reporting capabilities, threat intelligence & analysis, cyber incident response activities and contribute to cyber intelligence briefing updates. You will also support, identify, contain and respond to developing and material cyber threats to infrastructure and services provided by the business. As well as demonstrate, through testing and documented outcomes to maintain effective cyber resilience capabilities.
• The ideal candidate has deep technical security knowledge and expertise that will help define and implement robust security architecture strategies, frameworks and governance processes.

Here are a couple of things you’ll be doing:

• Closely monitor networks and systems for intrusions.
• Develop protocols that help all team members stay on top of their security needs.
• Carry out Investigations to determine the root cause of a security breach and document your findings.
• Research emerging products, services, protocols, and standards in support of security improvements and risk mitigation efforts.
• Enhance the suite of tools to look for new threats to make existing threats easier to find.
• Management of security incidents during all stages of the incident management process including an in-depth analysis.
• Conduct security assessments regularly to identify vulnerabilities and performing risk analysis.
• Communicates alerts regarding intrusions and compromises to the network infrastructure, applications, and operating systems.
• Implementing use cases and playbooks to mature the SOC SOAR capabilities.
• Generate reports for IT administrators, business managers, and security leaders.
• Understand and operate Security Information and Event Management SIEM, File Integrity Monitoring FIM and Database Activity Monitoring DAM tools to detect and respond to security events.
• Actively participate in security initiatives with minimum supervision.
• Responds to computer security incidents accordingly, leverages subject matter expertise where established processes do not exist.
• Acts as a subject matter expert regarding CSIRT incident response processes.
• Identify and manage potential and actual operational issues within the incident detection/response domain and take corrective action.
• Keep up to date with the latest security technological trends, threats, and control measures.
• Support, troubleshoot, configure, manage the SOC security tools such as the SIEM, DAM, FIEM, WAF and a wide variety of other security products.
• Liaise and respond and escalate to the SOC’s Managed Security Service Providers MSSP as at when needed.
• Will work effectively with business units to facilitate information security risk assessment and risk management processes and will work with regulatory organizations and understanding local and global regulations.
• Other duties as assigned by the CISO.

Requirements

Here’s what are we looking for:

• Minimum of 3 years’ experience as a Security Operations Center Analyst.
• Minimum of Bachelor’s degree in Computer Science or Information Security, or in a related technical field.
• Experience with SIEM tools and/or security orchestration applications,
• Strong understanding of ATT&CK Framework, Common Web Attacks, NIST or ISO Incident Handling Controls, Knowledge of Windows and Unix Based Operating Systems, and Networking Principles.
• Strong Threat intelligence and Threat hunting skills.
• Experience with Privileged Access Management.
• Vulnerability assessment (attack & penetration testing, red team testing).
• Solid grasp of Windows and Linux system internals.
• Experience reviewing and analyzing network packet captures.
• Possess a comprehensive understanding of the TCP/IP protocol, security architecture, network and remote access security techniques/products.
• Strong verbal/written communication and presentation skills
• Industry recognized professional certification such as CISSP, GCIH, GCIA, Security+
• Scripting skills (e.g., Python, Ruby, bash)
• Demonstrated ability to work as part of a high-performance team.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, PCI DSS, NIST, MITRE
• Problem solving and analytical skills.
• Self-motivated individual who is adaptive to change.
• Finally, you are passionate, you live and breathe security, you have bags of energy, obsess about security & trust.

Benefits

• Health Insurance
• Stock Options
• Sponsored and Tailored training
• Paid Parental Leave
• Paid Time Off
• Flexible Work Style
• Internet Contribution
• Annual Performance Bonus
• Interest-free Loans
• Employee Assisted Programs
• Day off on your Birthday 🙂
• Great company culture and the opportunity to work with a highly collaborative team building something great!