Jobs

Senior, Information Security Analyst at Carbon Nigeria

Carbon is a pan-African digital bank with a mission to provide friction-free finance to its customers. Carbon promises to play a fundamental role in its customers’ lives wherever they are, with flexible solutions. We pride ourselves on our efficiency and with just $10mm of equity raised in 2015, we have disbursed over $100m in loans and earned more than $30mm in revenue over the last 2 years. Carbon has operations in Ghana, Kenya, and Nigeria, supported by a talented team spread between Lagos, Nairobi, London, Argentina, and Palo Alto so we operate with a remote-first mindset.

We are recruiting to fill the position below:

Job Title: Senior, Information Security Analyst

Location: Lagos
Category: Infrastructure - Engineering
Employment type: Full-time

Role

The Information Security Analyst will implement security measures to protect Carbon’s computer networks, endpoints, and systems.
The individual will be responsible for the security and regulatory compliance audits, assisting with invulnerability, and administering security infrastructure tools.

Responsibilities

Run a daily review of PCI DSS environment network traffic
Run a daily call over of audit and systems logs of the PCI DSS environment
Manage Security incident tickets.
Monitor and follow up on DLP, IPS, and Antivirus exceptions & alerts
Work with network engineers to analyze firewall activities.
Ensure compliance with local IT regulatory standards
Monitor security logs of critical public-facing services
Review Endpoint Security logs and threat alerts
Gather relevant Security Metrics for Information Security Report

Requirements
We are looking for candidates who can meet the following criteria. We want to emphasize that we don’t expect you to meet all of the below but would love you to have experience in some areas and a willingness to learn and expand your knowledge in other areas:

Minimum of 5 years in as an Information Security Analyst relation job functions.
Experience in monitoring, analyzing, and resolving security alerts generated from various sources (networks, servers, endpoints, and other event logs).
Ability to conduct and manage vulnerability scans using external and internal tools.
Experience in reviewing and monitoring network security to respond in a timely fashion to security alerts, while performing initial triage and providing the necessary information to other team members when necessary to solve the alert.
Experience in running penetration tests on Technology Infrastructures,
Experience in running periodic security audits on current IT infrastructure and application software.
Ability to develop security standards and best practices and recommend security enhancements to management or senior IT staff.
Working knowledge of Windows and Linux Server, Bash, SQL, and Wireshark
Expert knowledge of relevant security and privacy legislation.
Good understanding of software development lifecycle.
Familiarity with Cloud Platforms like AWS or GCP
Ability to define and maintain an Information Security Incident Response Plan, including documenting security breaches.
Ability to manage and administer security infrastructure tools such as IDS/IPS, email gateway, web filtering, and endpoint protection consoles.
Experience in reviewing all system implementation designs and plans to ensure sufficient security and recovery provisions have been included, updating the corporate DRP as appropriate, and ensuring appropriate provisions are made in the BCP.
Experience in researching the latest information technology (IT) security trends, best practices, threats, and potential vulnerabilities.
Experience with IT security and compliance standards both local and international like NITDA, CBN, ISO, PCI-DSS, etc