Senior Security Analyst III

Senior Security Analyst III 

As Senior Information Security Analyst III, you will be a key contributor to our day-to-day security operations, assisting with threat monitoring, incident triage, vulnerability remediation, and GRC activities. This role is an excellent opportunity for someone with security experience who is eager to grow their skills in risk management, cloud environments and security best practices. You will work closely with senior team members and various OppFi internal teams to ensure our environment maintains security, visibility, and compliance standards.

What you get to do:

• Information Security Risk Management: 
  • Own the security review and assessment process evaluating the risk associated with introducing new applications/tools into the environment.
  • Assist with security risk management activities, including the analysis, quantification, and tracking of information security risks, plus the review and documentation of risk exception requests.
• Policy and Compliance Analysis: Identify emerging compliance requirements and assess their impact on our policies. Develop and refresh our policies, procedures, standards, and guidelines to stay compliant and aligned with industry best practices.
• Governance Visibility: Design and maintain dynamic dashboards or scorecards that offer clear insights into Information Security Governance activities, demonstrating our commitment to security and compliance.
• Security Operations & Incident Support
  • Monitor security alerts from various tools (SIEM, EDR, cloud logs) and support the triage of potential security incidents by gathering initial data and escalating to senior engineers as needed.
  • Assist in the execution of security incident response playbooks, focusing on initial steps like investigation, basic containment, and documentation.
  • Contribute to the documentation and tracking of security incidents to support audit and compliance requirements.
  • Support the monitoring and logging strategy by assisting with the configuration and tuning of SIEM (Security Information and Event Management) alerts and reports.
  • Perform regular log review and analysis for suspicious activities under the guidance of senior staff.
• Improvement & Collaboration
  • Contribute to the development and maintenance of operational playbooks and documentation for security processes.
  • Learn to deploy and manage new security tools and assist in the development of basic threat detection logic.
  • Develop basic security performance metrics and assist with reporting to measure the effectiveness of security controls.
  • Performs other related duties as assigned.

What you will bring to the team:

•  3–5 years of professional experience in Information Security or IT Risk Management, with a background supporting IT compliance programs to meet regulatory requirements and demonstrated expertise in at least one of the following areas: Security Operations, Incident Response, or Vulnerability Management.
• Experience with
• Security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework
• EDR platforms (e.g., CrowdStrike, Defender for Endpoint, SentinelOne)
• SIEM/SOAR tools (e.g., Sumo Logic, Splunk, Chronicle, or Azure Sentinel)
• CSPM tools (e.g., Wiz, Prisma, Orca)
• Vulnerability management platforms (e.g., Qualys, Tenable, Rapid7)
• Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms
• Experience with information security standards, best practices for securing computer systems within applicable laws and regulations
• Experience with Governance Risk & Compliance (GRC) tools and procedure development
• Solid understanding of common attack techniques (MITRE ATT&CK), incident triage, and remediation workflows.
• Foundational knowledge of AWS (Amazon Web Services) or other cloud environments.
• Basic understanding of networking, operating systems (Linux/Windows), and common security principles (e.g., least privilege, defense-in-depth).
• Familiarity with automation frameworks or API integrations for security tools.
• Strong written communication skills necessary for developing clear, concise procedures and playbooks, coupled with effective verbal skills for communicating technical findings.
• Experience building dashboards and metrics for leadership visibility.
• Strong analytical and problem-solving skills with a keen attention to detail and a desire to learn quickly.
• Bachelor’s degree in Cybersecurity, Computer Science, or equivalent experience.
• Certifications such as CompTIA CySA+, GCIH, GCIA, GMON, GCDA, GSOC, or CISSP associate are preferred.
• Experience working in a regulated industry (financial services or health care)

 Reports to:  Manager, Security Operations