Senior, Information Security Analyst

at  Carbon

ABOUT

Carbon is a pan-African digital bank with a mission to provide friction-free finance to its customers. Carbon promises to play a fundamental role in its customers’ lives wherever they are, with flexible solutions. We pride ourselves on our efficiency and with just $10mm of equity raised in 2015, we have disbursed over $100m in loans and earned more than $30mm in revenue over the last 2 years. Carbon has operations in Ghana, Kenya, and Nigeria, supported by a talented team spread between Lagos, Nairobi, London, Argentina, and Palo Alto so we operate with a remote-first mindset.
At Carbon, we are:
Passionate: We love what we do and have an ownership mentality.
Resourceful: We make do with what we have. Not wasteful
Intelligent: We are forever learning to better ourselves, constantly experiencing & testing to understand the problem space better
Maverick: We try the unconventional, question widely held assumptions.
Executors: We get shit done. No excuses
Data-Driven: Rigorous in using data for decisions, experiments to test assumptions and hypothesis

REQUIREMENTS

We are looking for candidates who can meet the following criteria. We want to emphasize that we don’t expect you to meet all of the below but would love you to have experience in some areas and a willingness to learn and expand your knowledge in other areas.

• Experience in monitoring, analyzing, and resolving security alerts generated from various sources (networks, servers, endpoints, and other event logs).
• Ability to conduct and manage vulnerability scans using external and internal tools.
• Experience in reviewing and monitoring network security to respond in a timely fashion to security alerts, while performing initial triage and providing the necessary information to other team members when necessary to solve the alert.
• Experience in running penetration tests on Technology Infrastructures,
• Experience in running periodic security audits on current IT infrastructure and application software.
• Ability to define and maintain an Information Security Incident Response Plan, including documenting security breaches.
• Ability to manage and administer security infrastructure tools such as IDS/IPS, email gateway, web filtering, and endpoint protection consoles.
• Experience in reviewing all system implementation designs and plans to ensure sufficient security and recovery provisions have been included, updating the corporate DRP as appropriate, and ensuring appropriate provisions are made in the BCP.
• Experience in researching the latest information technology (IT) security trends, best practices, threats, and potential vulnerabilities.
• Ability to develop security standards and best practices and recommend security enhancements to management or senior IT staff.
• Minimum of 5 years in as an Information Security Analyst relation job functions.
• Working knowledge of Windows and Linux Server, Bash, SQL, and Wireshark
• Expert knowledge of relevant security and privacy legislation.
• Good understanding of software development lifecycle.
• Familiarity with Cloud Platforms like AWS or GCP
• Experience with IT security and compliance standards both local and international like NITDA, CBN, ISO, PCI-DSS, etc

ROLE

The information security analyst will implement security measures to protect Carbon’s computer networks, endpoints, and systems.
The individual will be responsible for the security and regulatory compliance audits, assisting with invulnerability, and administering security infrastructure tools.

RESPONSIBILITIES

• Run a daily review of PCI DSS environment network traffic
• Run a daily call over of audit and systems logs of the PCI DSS environment
• Monitor security logs of critical public-facing services
• Review Endpoint Security logs and threat alerts
• Gather relevant Security Metrics for Information Security Report
• Manage Security incident tickets.
• Monitor and follow up on DLP, IPS, and Antivirus exceptions & alerts
• Work with network engineers to analyze firewall activities.
• Ensure compliance with local IT regulatory standards