[Remote] Senior Security Analyst III

Note: The job is a remote job and is open to candidates in USA. OppFi is a leading tech-enabled digital finance platform that works with banks to provide financial products and services for everyday Americans. As a Senior Security Analyst III, you will be key in security operations, assisting with threat monitoring, incident triage, vulnerability remediation, and governance, risk, and compliance activities. Responsibilities • Own the security review and assessment process evaluating the risk associated with introducing new applications/tools into the environment • Assist with security risk management activities, including the analysis, quantification, and tracking of information security risks, plus the review and documentation of risk exception requests • Identify emerging compliance requirements and assess their impact on our policies • Develop and refresh our policies, procedures, standards, and guidelines to stay compliant and aligned with industry best practices • Design and maintain dynamic dashboards or scorecards that offer clear insights into Information Security Governance activities, demonstrating our commitment to security and compliance • Monitor security alerts from various tools (SIEM, EDR, cloud logs) and support the triage of potential security incidents by gathering initial data and escalating to senior engineers as needed • Assist in the execution of security incident response playbooks, focusing on initial steps like investigation, basic containment, and documentation • Contribute to the documentation and tracking of security incidents to support audit and compliance requirements • Support the monitoring and logging strategy by assisting with the configuration and tuning of SIEM (Security Information and Event Management) alerts and reports • Perform regular log review and analysis for suspicious activities under the guidance of senior staff • Contribute to the development and maintenance of operational playbooks and documentation for security processes • Learn to deploy and manage new security tools and assist in the development of basic threat detection logic • Develop basic security performance metrics and assist with reporting to measure the effectiveness of security controls • Performs other related duties as assigned Skills • 3–5 years of professional experience in Information Security or IT Risk Management, with a background supporting IT compliance programs to meet regulatory requirements and demonstrated expertise in at least one of the following areas: Security Operations, Incident Response, or Vulnerability Management • Experience with Security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework • Experience with EDR platforms (e.g., CrowdStrike, Defender for Endpoint, SentinelOne) • Experience with SIEM/SOAR tools (e.g., Sumo Logic, Splunk, Chronicle, or Azure Sentinel) • Experience with CSPM tools (e.g., Wiz, Prisma, Orca) • Experience with Vulnerability management platforms (e.g., Qualys, Tenable, Rapid7) • Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms • Experience with information security standards, best practices for securing computer systems within applicable laws and regulations • Experience with Governance Risk & Compliance (GRC) tools and procedure development • Solid understanding of common attack techniques (MITRE ATT&CK), incident triage, and remediation workflows • Foundational knowledge of AWS (Amazon Web Services) or other cloud environments • Basic understanding of networking, operating systems (Linux/Windows), and common security principles (e.g., least privilege, defense-in-depth) • Familiarity with automation frameworks or API integrations for security tools • Strong written communication skills necessary for developing clear, concise procedures and playbooks, coupled with effective verbal skills for communicating technical findings • Experience building dashboards and metrics for leadership visibility • Strong analytical and problem-solving skills with a keen attention to detail and a desire to learn quickly • Bachelor's degree in Cybersecurity, Computer Science, or equivalent experience • Certifications such as CompTIA CySA+, GCIH, GCIA, GMON, GCDA, GSOC, or CISSP associate are preferred • Experience working in a regulated industry (financial services or health care) Benefits • 401(k) matching program • Generous paid time off • Medical, dental, and vision coverage • Tuition reimbursement • DoorDash DashPass • Figo pet insurance • Rocket Lawyer • Access to LinkedIn Learning • Fringe, a lifestyle benefits platform Company Overview • OppFi a financial technology platform that powers banks to help the everyday consumer gain access to credit. It was founded in 2009, and is headquartered in Chicago, Illinois, USA, with a workforce of 501-1000 employees. Its website is https://www.oppfi.com/. Company H1B Sponsorship • OppFi has a track record of offering H1B sponsorships, with 5 in 2025, 6 in 2024, 7 in 2023, 6 in 2022, 10 in 2021, 8 in 2020. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job Apply To this Job