Senior Security Analyst

Ałmaty
Astana
Bengaluru
Remote.Kazakhstan

Jeśli otrzymałeś tę ofertę pracy od naszych rekruterów, zapoznaj się z naszą Polityką prywatności.

Client

Our client is a dynamic fintech company specializing in retail finance solutions, helping consumers split payments over time with ease. Being one of the UK’s leading digital banks, they are driving innovation to create flexible, accessible, and seamless payment experiences for clients.

Position overview

We are seeking a dedicated and detail-oriented Senior Security Analyst to join our dynamic cybersecurity team. The Senior Security Analyst will be responsible for managing the full lifecycle of security incidents across multiple domains, including web, email, endpoint, identity, proxy, DLP, and threat intelligence sources.

This position includes a sign-in bonus.

This position requires the working hours to be from 9 AM to 5:30 PM UK time and involves participating in on call shifts outside of regular UK business hours.

Responsibilities

Lead end to end investigations across malware, intrusion, and cloud related security incidents
Perform malware triage and behavioral analysis, identify indicators of compromise, and provide clear remediation guidance
Conduct analysis of suspicious activity using Splunk, Splunk Enterprise Security, and AWS native services
Develop, tune, and maintain Splunk correlation rules, dashboards, alerts, and analytical queries
Enhance detection logic aligned with MITRE ATT CK techniques and reduce false positives
Configure, maintain, and validate log collection, parsing, routing, and normalization workflows
Troubleshoot issues in log ingestion pipelines and adjust processing logic when needed
Collaborate with infrastructure, cloud, and application teams to validate findings and propose improvements
Develop and maintain detection use cases for AWS environments
Create or update SOAR playbooks to support automated incident response
Improve SOC processes, detection coverage, and operational readiness
Maintain documentation related to investigations, detections, data pipelines, and security procedures
Support compliance driven SOC operations and adhere to defined SLAs

Requirements

Experience of 3 to 5 years in a SOC environment at L2 level or as a Security Engineer
Background in incident investigation and incident management, including handling malware, intrusion, and cloud security incidents
Practical experience with malware triage, behavioral analysis, and identifying indicators of compromise
Understanding of reverse engineering concepts sufficient to support deeper investigations
Hands on experience with AWS services such as CloudTrail, GuardDuty, Security Hub, IAM, VPC, KMS, and S3
Advanced experience working with Splunk, including SPL queries, correlation rules, dashboards, and notable events
Experience with Splunk Enterprise Security
Background in detection engineering, including creating and improving detections aligned with MITRE ATT CK techniques
Proficiency with Splunk SPL and CloudWatch Logs Insights Query Language
Ability to build analytical datasets and detect anomalies
Experience configuring log routing, filtering, normalization, parsing, and troubleshooting pipelines
Hands on experience working with log producers such as agents, services, and forwarders
Strong understanding of networking, operating systems, and core enterprise security technologies such as firewalls, UTM, EDR, XDR, IDS, IPS, WAF, and vulnerability scanners
Ability to independently conduct end to end investigations
Proactive approach to improving detection rules, processes, and automation
Experience with SOAR platforms such as Splunk SOAR or XSOAR
Understanding of cloud native threat models and attack techniques targeting AWS
Experience in mature SOC environments, ideally in the financial sector, working with SLAs and compliance driven operations