Company hidden
1 day ago

Senior Security Analyst (Fintech)

Work format: remote (Kazakhstan/India only)
Employment type: full-time
Grade: senior
English: B2
Country: India, Kazakhstan
Listing from Hirify RU Global, a list of companies with Eastern European roots

Job description

TL;DR

Senior Security Analyst (Fintech): Managing the full lifecycle of security incidents across multiple domains (web, email, endpoint, identity, proxy, DLP) with an emphasis on malware triage, intrusion, and cloud-related security incident investigations. Focus on developing and maintaining Splunk correlation rules, enhancing detection logic aligned with MITRE ATT&CK, and supporting compliance-driven SOC operations.

Location: Candidates can be based in Almaty, Astana, Bengaluru, or remote from Kazakhstan. This position requires working hours from 9 AM to 5:30 PM UK time.

Company

Our client is a dynamic fintech company specializing in retail finance solutions, helping consumers split payments over time with ease.

What you will do

  • Lead end-to-end investigations across malware, intrusion, and cloud security incidents.
  • Perform malware triage and behavioral analysis, identifying indicators of compromise.
  • Conduct analysis of suspicious activity using Splunk, Splunk Enterprise Security, and AWS native services.
  • Develop, tune, and maintain Splunk correlation rules, dashboards, alerts, and analytical queries, enhancing detection logic aligned with MITRE ATT&CK.
  • Configure, maintain, and validate log collection, parsing, routing, and normalization workflows, troubleshooting issues.
  • Improve SOC processes, detection coverage, operational readiness, and support compliance-driven SOC operations.

Requirements

  • 3-5 years of experience in a SOC L2 environment or as a Security Engineer.
  • Strong background in incident investigation and management, including malware, intrusion, and cloud security incidents.
  • Hands-on experience with AWS services (CloudTrail, GuardDuty, Security Hub, IAM, VPC, KMS, and S3) and advanced Splunk (SPL queries, correlation rules, dashboards, Enterprise Security).
  • Proficiency in detection engineering, including creating and improving detections aligned with MITRE ATT&CK techniques.
  • Strong understanding of networking, operating systems, and core enterprise security technologies (firewalls, UTM, EDR, XDR, IDS, IPS, WAF, and vulnerability scanners).
  • Experience with SOAR platforms (Splunk SOAR or XSOAR) and understanding of cloud-native threat models in mature SOC environments, ideally in the financial sector.

Nice to have

  • Relevant security certifications (GIAC, CISSP, or equivalent).

Culture & Benefits

  • Work on global projects, grow your career in a supportive, flexible, and innovative tech environment.
  • We help cover the cost of IT certifications and provide access to top-tier courses and learning platforms.
  • Health insurance is provided for you and your loved ones.
  • 10 days of sick leave without a doctor's note, and time off for state holidays.
  • Enjoy a pleasant environment with corporate parties and team get-togethers.


The job text is reproduced without changes.