Full-Time Information Security Analyst

LeafLink takes security exceptionally seriously. In the role of Information Security Analyst, you’ll help play a key role in protecting our systems, employees, and most importantly our customers and their data. Partnering closely with key stakeholders across the organization you’ll help maintain and improve our security posture, procedures, and policies while evaluating current and new technologies against emerging threats.  What You’ll Be Doing  

• Evaluate, devise, and enhance our security systems against emerging standards and regulatory requirements while monitoring adversarial threats and techniques

• Conduct regular security awareness training for employees & provide recommendations for improving the security posture for LeafLink

• Play a key role in contributing to efforts to achieve, maintain, and enforce our SOC 2 compliance across the organization

• Keep abreast of new developments within SOC 2 and security industries and ensure LeafLink’s security policies, procedures, and postures are up-to-date, robust, and industry-leading

• Participate in frequent disaster recovery and business continuity (DRBC) exercises and scenarios

• Monitor security alerts and incidents, investigate and coordinate with the IT and Platform teams the appropriate, timely responses

• Conduct in-depth analysis of security incidents, determine root causes, and implement corrective actions

• Work with the Platform team to drive proper KPIs and reporting around threat detection and vulnerabilities

• Participate in regular vulnerability assessments and penetration testing with the Platform team

• Partner with the procurement team to ensure vendors meet internal security requirements 

• In conjunction with Platform and IT teams; manage and optimize security tools, including but not limited to firewalls, IDS/IPS, antivirus, and SIEM solutions

• Stay up-to-date with the latest security technologies and trends

• Conduct risk assessments to identify and mitigate potential security risks

• Work closely with cross-functional teams to integrate security best practices into business processes

• Communicate security risks and issues to both technical and non-technical stakeholders

• Partner alongside our Security Engineer with a variety of teams including Engineering, Legal, Compliance, IT, and senior leadership to ensure security remains top of mind for all employees

What You’ll Bring to the Team

• Bachelor's degree in Information Security, Cyber Security, Computer Science, or a related field

• Experience working in financial services

• Proven experience as an Information Security Analyst, with a focus on SOC 2 compliance

• Strong knowledge of SOC 2 controls and requirements

• Experience with security tools such as firewalls, IDS/IPS, antivirus, SIEM, etc.

• Hands-on experience with OKTA, Crowdstrike, and security hardening within Google Workplace and AWS environments is a plus

• Basic knowledge of maintenance windows and patch cadence for mission-critical systems is a plus

• Knowledge of industry standards and frameworks (ISO 27001, NIST, etc.)

• Certifications such as CISSP, CISM, or CompTIA Security+ are a plus

• Experience with Data Loss Prevention (DLP) systems is a plus

• Excellent communication and interpersonal skills

LeafLink Perks & Benefits

• Flexible PTO - you’re going to be working hard so enjoy time off with no cap!

• A robust stock option plan to give our employees a direct stake in LeafLink’s success

• 5 Days of Volunteer Time Off (VTO) - giving back is important to us and we want our employees to prioritize cultivating a better community

• Competitive compensation and 401k match

• Comprehensive health coverage (medical, dental, vision)

• Commuter Benefits through our Flexible Spending Account