Senior Cyber Security Analyst (SCSA)
kevin. is a startup with a bright present and even brighter future. Here we dream big, and then we commit to making those dreams come true. We have already built things that were never built before - in-app payments, card redirect, and there is more to come.
How did we manage that? By hiring people that are talented, driven, ambitious. Our company provides an environment where people like that can flourish - they can learn, explore, innovate. And they do just that!
So come join us and add rocket fuel to your career! kevin. is a great place to explore paths that were not explored before, and actually make impactful decisions.
SIEM is a part of the cyber security ecosystem of our company. The Senior Cyber Security Analyst (hereinafter - SCSA) is responsible for security and incident event management. The purpose of the role is to build security and incident event collection across the whole kevin. ICT infrastructure, on-premises, on endpoints and in the cloud, and to construct a system (SIEM) that allows parsing, collection, storing, correlation and analysis of data against cyber threats, to create IOC and event feeds, and to tie the system to the kevin. response capability that acts in case of cyber incidents and warnings. The SCSA shall practically apply expert knowledge to the detection, assessment and control tasks conducted to prevent cyber incidents originating from inside and outside the company. The SCSA has a primary role in threat detection and problem escalation within the company. The SCSA reports to the Chief Information Security Officer.
As our new Senior Cyber Security Analyst (SCSA), you will:
- Take a lead role in planning, executing and maintaining the SIEM project, managing the SIEM roadmap, and cooperating with the leading engineers.
- Build SIEM capabilities by integrating various technological solutions on-premises, on endpoints and in the cloud, in order to collect, aggregate, store, analyze, interpret and graphically present the security operational picture, event and incident information and statistics.
- Build, acquire and integrate the variety of fresh and credible information and data flow that feeds the SIEM system.
- Draft architectural and governance documents around the SIEM system, its controls, content and usage.
- Analyse SIEM data in order to detect cyber threats, conduct cyber threat intelligence and cyber threat hunting.
- Acquire, manage and integrate Indicators of Compromise (IOCs) within security systems.
- Initiate and escalate reactive or preventive cyber security operations.
- Actively participate in incidents handling and business continuity events, incident investigations, evidence collection and forensics.
- Assess and critique systems' security plans, network architectures and security documentation as part of vulnerability assessment or remediation engagements.
- Provide support for the teams who run penetration tests, consulting software development, networking, coding and security staff by sharing knowledge.
What you need to be successful:
- A wish to take leadership as a process/project owner.
- Ability to organize the work-flow in assigned area, time frame and resources, and prioritize tasks.
- Degree in a related field such as Software Engineering, Math, Computer Science, IT or Cyber-Security, or 10+ years of experience in the related domain.
- Around 4 years of relevant hands-on working experience in security operations, incident analysis, incident handling, vulnerability management, log analysis and intrusion detection.
- Around 2 years of relevant hands-on working experience with SIEM solutions, especially with cloud-based technologies.
- Ability to develop scripts for data parsing, collection and other laborious tasks that are necessary for getting logs and data flows into the SIEM system.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative digital data from multiple sources.
- Experience with the cloud deployment of leading SIEM technologies such as ArcSight, QRadar, Nitro, NetWitness or Splunk, experience with IDS/IPS log analysis, firewalls and routers, user and network behavioural analysis, monitoring tools such as Nagios, SolarWinds, etc., familiarity with the open source SIEM solutions such as AlienVault OSSIM, Wazuh.
- Understanding of network probing and scanning, DDoS, malware behaviour and abnormal activities, such as patterns coming from ransomware, worms, trojans and viruses.
- Strong fundamental knowledge and understanding of current security vulnerabilities, attack vectors, industry technologies, trends, and techniques, hacking tactics, techniques and behaviour, APT, covert channels, data exfiltration techniques.
- Experience with SIEM content creation, dashboard development and reporting.
- Knowledge of network segmentation and segregation, networking protocols, TCP/IP stack, systems architecture, AWS framework, operating systems, web applications, access control management, IDS/IPS technologies, basic cryptography.
- Understanding of the propagation of malware in enterprise environments, web-based exploit kits and the methods, APT and targeted malware kill-chain concept, malware mitigation controls.
- Basic to medium knowledge of penetration techniques and digital forensics.
- Certification in one or more of the following, or in other comparable certifications or acknowledged courses, is desirable: GCSA, CISSP, CISM, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security+.
We don’t play games when it comes to compensation packages and benefits for our employees. Our remuneration ranges from €5000 to €15000, based on your experience and competence. We not only provide competitive salaries, but we also offer several extra benefits, such as short- and long-term incentives, private health insurance, and much more. So if you’re looking for stability and comfort with a bit of excitement sprinkled in here and there, then kevin. is the place for you!
What will you get in addition:
- Competitive salary.
- Flexible salary payments - pick if you want to get your salary weekly, monthly or twice a month.
- Freedom to create, innovate, and make impactful decisions.
- Freelancer's working schedule - just bring us the result on time.
- Choose where to work from: our offices, your home, a little cabin in the woods, the beach - you get the point - just be reachable and do your job.
- Talented and committed team members - the best of their fields.
- Full ownership of your tasks and decisions.
- Private Health Insurance.
- Full compliance with local law requirements and labour code.
kevin.’s advanced A2A (account-to-account) payment infrastructure solution was created to swiftly replace costly card payments with payments linked directly to customers’ bank accounts, without using any third-party providers. kevin.’s technology scales to businesses of any size and across industries, including retail, parking, fashion, car-sharing, deliveries, insurance and many more. kevin. focuses on mobile and POS payments, where customers currently pay predominantly using cards. Its payment infrastructure is based on open banking - regulated by the European PSD2 Directive - which requires all banks and financial institutions in the European Economic Area to open their APIs to licensed third-party providers. kevin. develops only its own connections to the banks, without using any third-party aggregators.
Currently, the Company supports more than 4,000 merchants in 15 markets, including Sweden, Finland, Poland, Spain, Netherlands, Baltics and Portugal, where the company has a coverage of more than 85% of bank customers. The firm’s services will be available in 28 European Economic Area (EEA) countries by the end of 2022. kevin. has a team of more than 140 employees in 12 countries and it plans to expand its workforce to beyond 350 employees in 2022.
kevin. is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.