Security Analyst

Company: Koalafi
Location: Arlington
Posted on: January 15, 2022

Job Description:

About Koalafi

We're one of the fastest growing consumer finance companies in America. Why? We're making it simpler, faster, and more transparent to purchase the things you need to make your life go.

By combining smarter technology with a relentless focus on customer experience, we're transforming the financing experience for essential life purchases in retail stores nationwide.

About The Opportunity

There's no such thing as a "safe system" - only safer systems. The individual Koalafi is seeking will work to create and maintain a security posture that balances usability and security for our users, clients, and customers. As a Security Engineer, you help protect network boundaries, keep company infrastructure hardened against attacks and provide security services to protect sensitive data like passwords and customer information. The Security Analyst will work hands-on with security technologies and actively monitor our systems for attacks and intrusions. As well, the Security Analyst will work side-by-side with both Security and Systems Engineers to proactively identify and fix security flaws and vulnerabilities.

Major Duties

• Proactively monitor and maintain security solutions including firewalls, IDS/IPS, Anti-Malware, SIEM, Email security, and other security tools and work with other members of the Security and Technology teams to perform triage, incident response, and recovery activities.
• Perform configuration updates, such as modifying configurations, signature definitions, or implementing new policies on various security tools.
• Develop security flowcharts, topology diagrams, and other forms of documentation.
• Assist in the drafting of security related policies, especially by providing data as context to inform the drafting process.
• Performing risk assessments to ensure the timely proactive identification and reporting of security gaps and vulnerabilities to critical business information, systems, and network infrastructure.
• Conduct security compliance audits using a variety of compliance frameworks.
• Troubleshoot network connectivity incidents related to security devices, provide recommendations to improve reliability and availability, and reduce recovery time.
• Assist in the evaluation and piloting of new security technologies.
• Maintain knowledge of the current security landscape and trends, being able to apply tuning to already implemented technologies.
• Monitor the progress of Security Awareness Training campaigns and provide insight into improving its content and delivery.
• Other duties as assigned.
  
  Basic Qualifications
  
  About You
  
  • Preferred Education: A Master of Information Security degree or equivalent, or equivalent years of work experience, in Network Security, computer science, or related field.
  • Preferred Certifications: One or more of the following - SANS GIAC, Security+, CEH, CISSP, SSCP, OSCP or other security certifications.
  • 2+ years of professional experience
    
    Knowledge and Experience
    
    • Ability to identify, recommend and assist in implementing necessary security controls to meet business and security requirements.
    • Must be proficient in one or more scripting languages (Powershell, Python, Bash, etc)
    • Knowledge of information security methodologies.
    • Knowledge of Vulnerability Management best practices and experience being involved in a Vulnerability Management program are preferred.
    • Have a solid understanding of industry best practices for the configuration of Windows/Linux servers, Windows/Mac endpoints, cloud infrastructure, and network devices such as firewalls and IPS.
    • Experience with system, security, and network monitoring tools.
    • In-depth troubleshooting with proven analytical and problem-solving ability.
    • Hands-on experience with security appliances or equivalent open-source technologies.
    • Must have experience writing technical process ("how-to") documentation, technical & executive incident reports, and audit & compliance reports.
    • Experience with any of the following is considered a plus: Nexpose, Metasploit, Burpsuite/ZAP, REMnux, static and dynamic malware analysis, manual packet analysis, PKI, Mobile Device Management and BYOD, data classification, Data Loss Prevention, Least Privilege practices and technology.
    • Comfortable interfacing with other internal or external organizations during failure and incident response situations.
    • Working knowledge of networking concepts, including: IP Addressing, routing, switching, load balancing, DNS, DHCP, NAT rules.
    • Understanding of TCP/IP and UDP/IP protocols and networking packet analysis.
    • Ability to work under pressure.
      
      Things we value:
      
      • Curiosity. Why? How?
      • Nerdiness.Financial news and trends are fascinating. Seriously.
      • Relentlessness. No one here gives up. We try. We fail. We try again.
      • Passion. If you don't get excited about point of sale financing, retail, and consumer empowerment, it simply won't work.
      • Smarts: Book and street. We have to use all of the tools at our disposal to build Koalafi.
      • Empathy and Compassion.You understand that people's access to life essential goods and services are in your hands.
      • Communication. Can you ask for help or put your hand up when you don't understand?
      • Building. Doing. Making. Yes, we have to do a lot of thinking and talking to figure this stuff out, but you can't wait to leave the conversation and build it.

Keywords: Koalafi, Arlington , Security Analyst, Professions , Arlington, Virginia