Lead Cybersecurity Program Analyst
Indexed description
The Lead Cybersecurity Program Analyst owns and drives Kurv’s information security program across systems, data, and operational processes. This role is the primary subject matter expert for identifying vulnerabilities, leading threat detection and response operations, and ensuring that Kurv’s security posture meets the rigorous demands of the financial technology industry. Working on-site and in close partnership with the Technical Services Manager, the Lead Cybersecurity Program Analyst will design, implement, and maintain security controls — including SIEM operations, SOC functions, and identity and access governance — that protect company assets, customer data, and payment infrastructure. This role is an individual contributor but provides technical leadership and mentorship to staff and serves as the security program’s primary liaison across IT, Compliance, and Engineering.
CORE RESPONSIBILITIES
Security Program Leadership & Administration
- Lead the development, implementation, and ongoing maintenance of Kurv’s information security program and policies
- Conduct regular security risk assessments, gap analyses, and vulnerability scans across the organization’s technology environment
- Own security monitoring operations, triaging alerts and logs from SIEM and other detection tools to identify, investigate, and respond to potential threats or incidents
- Lead incident response activities including investigation, containment, eradication, documentation, and post-incident review; serve as the primary escalation point for security events
- Maintain security documentation including policies, procedures, standards, and exception logs
Endpoint & Network Security
- Administer and monitor endpoint detection and response (EDR) tools across all company devices and endpoints
- Manage and enforce endpoint security policies including patch management, device hardening, and access controls
- Support network security monitoring including firewall rules, intrusion detection/prevention systems (IDS/IPS), and segmentation reviews
- Conduct endpoint vulnerability assessments and coordinate remediation efforts with IT and business stakeholders
- Ensure endpoint compliance with internal security standards and applicable regulatory requirements
SIEM Operations & SOC Functions
- Administer and optimize the SIEM platform, including log source onboarding, correlation rule development, alert tuning, and dashboard creation to reduce noise and improve detection fidelity
- Operate and mature SOC processes including alert triage workflows, playbook development, escalation procedures, and shift handoff documentation
- Monitor security events and indicators of compromise (IoCs) in real time, correlating data across SIEM, EDR, and network telemetry sources
- Produce regular SOC metrics and threat intelligence reports for leadership, summarizing detection trends, mean time to detect/respond, and open risk items
Identity & Access Management (IAM / PAM)
- Own the identity and access management program, including user lifecycle (joiner/mover/leaver) processes, role-based access controls (RBAC), and access reviews
- Administer Privileged Access Management (PAM) solutions to enforce least-privilege principles, manage service accounts, and control access to critical systems and payment infrastructure
- Enforce multi-factor authentication (MFA) and single sign-on (SSO) policies across corporate systems, SaaS platforms, and cloud environments
- Conduct regular privileged account audits, recertification campaigns, and access anomaly reviews, remediating findings in accordance with PCI-DSS and internal policy requirements
Compliance & Regulatory Alignment
- Support compliance with PCI-DSS, SOC 2, and other applicable frameworks relevant to Kurv’s payments environment
- Own audit readiness for internal and external assessments, preparing evidence, managing remediation tracking, and acting as the primary security contact for auditors
- Track and report on security metrics, control effectiveness, and compliance status to management
- Stay current on evolving regulatory requirements in the fintech and payments industry
Security Awareness & Collaboration
- Design and lead employee security awareness training programs, including phishing simulations and role-based curricula
- Serve as a resource for internal teams on security best practices, phishing awareness, and data handling
- Collaborate with IT, Operations, and Compliance teams to embed security into business processes and technology projects
- Evaluate third-party vendors and tools for security risk as part of the vendor management process
QUALIFICATIONS
Required
- 4–6 years of progressive experience in information security, cybersecurity analysis, or a related IT security role, with at least 1 year in a lead or senior individual contributor capacity
- Demonstrated knowledge of endpoint security principles and tools (EDR, antivirus, patch management, device management)
- Hands-on experience with network security monitoring, firewalls, and intrusion detection systems
- Strong experience leveraging AI LLMs to drive individual and organizational efficiency
- Familiarity with security frameworks such as NIST CSF, ISO 27001, or CIS Controls
- Experience supporting PCI-DSS or SOC 2 compliance programs
- Strong analytical and problem-solving skills with the ability to assess and prioritize risk
- Excellent written and verbal communication skills for both technical and non-technical audiences
- Hands-on experience administering and operating a SIEM platform (e.g., Splunk, Microsoft Sentinel, IBM QRadar, or equivalent), including rule authoring, log source management, and alert tuning
- Experience operating within or building out a SOC function, including triage workflows, playbook development, and escalation procedures
- Demonstrated experience administering IAM systems (e.g., Okta, Azure AD / Entra ID, or equivalent) including user lifecycle management, RBAC, MFA, and SSO enforcement
- Experience with Privileged Access Management (PAM) solutions (e.g., CyberArk, BeyondTrust, or Delinea) to enforce least-privilege controls and manage privileged credentials
Preferred
- Experience in fintech, payments processing, or a regulated financial services environment
- Familiarity with cloud security principles (AWS, Azure, or GCP)
- Experience integrating threat intelligence feeds into SIEM workflows and using vulnerability management platforms (e.g., Tenable, Qualys, or Rapid7) to prioritize and track remediation
- Familiarity with zero trust security architecture and experience applying its principles across network, identity, and endpoint controls
- Exposure to software application security testing, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools (e.g., Veracode, Checkmarx, Burp Suite, OWASP ZAP) — nice to have
Certifications (Required or Strongly Preferred)
- CompTIA Security+ (required)
- Certified Information Systems Security Professional (CISSP) — preferred
- Certified Ethical Hacker (CEH) — preferred
- GIAC Security Essentials (GSEC) — preferred
- Systems Security Certified Practitioner (SSCP) — preferred
- Additional certifications in cloud security (CCSK, AWS Security Specialty) are a plus
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search