Security Analyst

Ałmaty
Astana
Bengaluru
Remote.Kazakhstan

Jeśli otrzymałeś tę ofertę pracy od naszych rekruterów, zapoznaj się z naszą Polityką prywatności.

Client

Our client is a dynamic fintech company specializing in retail finance solutions, helping consumers split payments over time with ease. Being one of the UK’s leading digital banks, they are driving innovation to create flexible, accessible, and seamless payment experiences for clients.

Position overview

We are seeking a dedicated and detail-oriented Security Analyst to augment an AWS-native, Splunk-heavy, financial services oriented SOC team. The Security Analyst will be responsible for managing the full lifecycle of security incidents across multiple domains, including web, email, endpoint, identity, proxy, DLP, and threat intelligence sources in cloud-native banking environment.

This position includes a sign-in bonus.

This position requires the working hours to be from 9 AM to 5:30 PM UK time and involves participating in on call shifts outside of regular UK business hours.

Technology stack

AWS, Splunk

Responsibilities

Monitor and triage security alerts 9 AM to 5:30 PM UK time, ensuring prompt prioritization and escalation of critical and high-severity threats in line with strict SLAs
Commitment to 24/7 on-call rotation (approximately one week every 4-5 weeks) with rapid response expectations
Be engaged in all stages of incident management: triaging, investigation, containing, remediation, and documenting security incidents, including phishing, endpoint threats, account anomalies, and data leakage
Maintain and enhance detection rules, automation workflows, and response playbooks within Splunk Cloud SIEM to reduce false positives and improve detection accuracy
Collaborate with internal SOC analysts, external MDR providers, and business teams to coordinate efficient incident response and containment efforts
Utilize EDR tools and email security platforms to proactively contain threats by blocking malicious IPs/domains, isolating endpoints, and updating security controls
Execute real-time incident management using Jira, Slack, and PagerDuty for communication and coordination across stakeholders
Conduct continuous threat hunting and intelligence enrichment to stay ahead of evolving attack vectors
Provide timely, accurate reporting and maintain thorough incident documentation to inform management and support regulatory compliance

Requirements

Strong communicator, able to clearly document incidents and coordinate with team members.
Fast learner, comfortable adapting to evolving technologies and workflows.
Solid knowledge in networking, operating system fundamentals, and information security principles.
Experience working with or supporting SIEM (preferably Splunk Cloud), EDR, email security, DLP/CASB, and vulnerability management tools.
Proficient with team collaboration and incident management tools such as Jira, Confluence, Slack/MS Teams, PagerDuty.
Experience or familiarity with automating security workflows.
At least a Bachelor’s degree, or equivalent work experience.
Good written and spoken English.

Nice to have

Experience with Python and KQL (Kusto Query Language) for automation and advanced queries.
Experience supporting or tuning SIEM detection rules, playbooks, and alerting workflows.
Familiarity with regulatory security requirements in the financial sector.
InfoSec certifications (e.g., CompTIA Security+, SSCP, GIAC, etc.).
Ability to remain calm and act decisively under pressure; creative and analytical approaches to problem-solving.