Information Security Analyst
Job Details

Join our team!

 

Ingo Money is the money mobility company. We conceive, create and deliver innovative payments and risk management technologies that make money movement easy, instant and safe for our clients and their customers.

 

 

We power instant digital account transfers, mobile check deposit, retail cash deposits, and disbursements and payouts of all kinds—payroll, commissions and tips, rebates and incentives, insurance claims, loan proceeds, legal settlements, bill payment and more. And we are launching the industry’s first open-platform p2p service.

 

 

We provide senders and recipients with unmatched choice in how they pay and get paid; and we operate the industry’s biggest and best payments gateway to bridge the gap between old payment methods and new ones.

 

 

We also protect our clients from the risk of real-time money movement with proprietary, network-wide risk and fraud AI, authentication tools, real-time transactional underwriting and funds guarantees.

 

 

Bottom line: Ingo Money is transforming the way fintechs, banks and businesses move money!

 

 

If you want to be a part of the instant money revolution, we want to meet you!

 

 

Summary/Objective

 

The information security analyst is responsible for maintaining compliance regulations in our application environments using PCI DSS as standard. The role will require you to audit systems and document security controls. You will work with application developers to secure systems and set up web application firewalls. You will work with SIEM and FIM systems to ensure system ingrate and application uptime from internal and external threats. You will be responsible for auditing and maintaining access control to production systems and ensuring proper security controls are in place for change management. You will also be responsible for assisting the incident response team with breach containment and mitigations. You will be responsible for creating playbooks for cloud and information systems for incident response. Your job will emphasize web application and server security, including the protection of sensitive information, information assets, and regulatory compliance.

 

 

Specific Duties & Responsibilities

 

  • Protect software platforms from the loss of sensitive information through risk mitigation and hardening processes. 
  • Minimize the risk of cyber-attacks and focus on detection and response of threats.
  • Perform vulnerability testing and security assessments
  • Audit software platform for changes.
  • Perform access rights management to ensure proper access is maintained.
  • Drive continuous enhancement to data protection.
  • Assist in the Incident Response program and contribute to playbooks.
  • Utilize and refer to NIST controls.
  • Enforce PCI compliance.
  • Manage application secrets and key rotations.
  • Ensure proper change control procedures are adhered to.
  • Deploy and manage WAF systems for web applications.
  • Manage alerts from FIM and IDS systems.
  • Audit change on web applications. 
  • Monitor and audit events for malicious activity using SIEM systems.
  • Manage patching procedures for applications.
  • Work with containers and applications for WAF testing. 

 

 

Skills/Qualifications

 

  • Solid understanding of server security OS hardening best practices.
  • Working knowledge of SIEM technologies
  • Knowledge of security control frameworks is a plus.
  • Ability to identify and mitigate network vulnerabilities and explain how to address them
  • Ability to build and maintain security systems and deploy security infrastructure.
  • Knowledge of WAFs and IDS systems is a plus. 
  • Understanding firewalls, LANs, WANs, VPNs, routers, proxies, antivirus, TCP/IP fundamentals, and IDS/IPS is a plus.
  • Knowledge of cloud security is a plus.
  • Security industry certificates are a plus.
  • Experience and understanding of PCI DSS is a plus.
  • Knowledge of the HTTP protocol and load balancers is a plus. 
  • Knowledge of containers and application development is a plus. 


 

Education/Experience

 

  • Bachelor’s degree in Computer Science, Engineering, Information Systems, IT Security, or other technical fields, or equivalent work experience
  • Minimum 2 years’ experience working in information security, technology risk management, or equivalent qualifications
  • Minimum 1 year experience working with Linux based environments.
  • Experience with pen testing and/or red team exercises is a plus.
  • Prior audit experience is a plus.
Apply