[Remote] Senior Security Analyst III

Note: The job is a remote job and is open to candidates in USA. OppFi is a leading tech-enabled digital finance platform that works with banks to provide financial products and services for everyday Americans. As a Senior Security Analyst III, you will be key in security operations, assisting with threat monitoring, incident triage, vulnerability remediation, and governance, risk, and compliance activities.

Responsibilities

• Own the security review and assessment process evaluating the risk associated with introducing new applications/tools into the environment
• Assist with security risk management activities, including the analysis, quantification, and tracking of information security risks, plus the review and documentation of risk exception requests
• Identify emerging compliance requirements and assess their impact on our policies
• Develop and refresh our policies, procedures, standards, and guidelines to stay compliant and aligned with industry best practices
• Design and maintain dynamic dashboards or scorecards that offer clear insights into Information Security Governance activities, demonstrating our commitment to security and compliance
• Monitor security alerts from various tools (SIEM, EDR, cloud logs) and support the triage of potential security incidents by gathering initial data and escalating to senior engineers as needed
• Assist in the execution of security incident response playbooks, focusing on initial steps like investigation, basic containment, and documentation
• Contribute to the documentation and tracking of security incidents to support audit and compliance requirements
• Support the monitoring and logging strategy by assisting with the configuration and tuning of SIEM (Security Information and Event Management) alerts and reports
• Perform regular log review and analysis for suspicious activities under the guidance of senior staff
• Contribute to the development and maintenance of operational playbooks and documentation for security processes
• Learn to deploy and manage new security tools and assist in the development of basic threat detection logic
• Develop basic security performance metrics and assist with reporting to measure the effectiveness of security controls
• Performs other related duties as assigned

Skills

• 3–5 years of professional experience in Information Security or IT Risk Management, with a background supporting IT compliance programs to meet regulatory requirements and demonstrated expertise in at least one of the following areas: Security Operations, Incident Response, or Vulnerability Management
• Experience with Security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework
• Experience with EDR platforms (e.g., CrowdStrike, Defender for Endpoint, SentinelOne)
• Experience with SIEM/SOAR tools (e.g., Sumo Logic, Splunk, Chronicle, or Azure Sentinel)
• Experience with CSPM tools (e.g., Wiz, Prisma, Orca)
• Experience with Vulnerability management platforms (e.g., Qualys, Tenable, Rapid7)
• Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms
• Experience with information security standards, best practices for securing computer systems within applicable laws and regulations
• Experience with Governance Risk & Compliance (GRC) tools and procedure development
• Solid understanding of common attack techniques (MITRE ATT&CK), incident triage, and remediation workflows
• Foundational knowledge of AWS (Amazon Web Services) or other cloud environments
• Basic understanding of networking, operating systems (Linux/Windows), and common security principles (e.g., least privilege, defense-in-depth)
• Familiarity with automation frameworks or API integrations for security tools
• Strong written communication skills necessary for developing clear, concise procedures and playbooks, coupled with effective verbal skills for communicating technical findings
• Experience building dashboards and metrics for leadership visibility
• Strong analytical and problem-solving skills with a keen attention to detail and a desire to learn quickly
• Bachelor's degree in Cybersecurity, Computer Science, or equivalent experience
• Certifications such as CompTIA CySA+, GCIH, GCIA, GMON, GCDA, GSOC, or CISSP associate are preferred
• Experience working in a regulated industry (financial services or health care)

Benefits

• 401(k) matching program
• Generous paid time off
• Medical, dental, and vision coverage
• Tuition reimbursement
• DoorDash DashPass
• Figo pet insurance
• Rocket Lawyer
• Access to LinkedIn Learning
• Fringe, a lifestyle benefits platform

Company Overview

• OppFi a financial technology platform that powers banks to help the everyday consumer gain access to credit. It was founded in 2009, and is headquartered in Chicago, Illinois, USA, with a workforce of 501-1000 employees. Its website is https://www.oppfi.com/.

Company H1B Sponsorship

• OppFi has a track record of offering H1B sponsorships, with 5 in 2025, 6 in 2024, 7 in 2023, 6 in 2022, 10 in 2021, 8 in 2020. Please note that this does not guarantee sponsorship for this specific role.

Apply tot his job Apply To this Job