Security Analyst, Kraków
We have come a long way since our first currency feed 23 years ago. We are an award-winning global company offering leading currency solutions for both retail and corporate clients, from a tech start-up to a global corporation. Founded in 1996, we became the first company to share exchange rate information on the internet free of charge, and in 2001 we launched a trading platform that helped pioneer the development of online-based trading around the world, giving forex and CFD investors the ability to trade the financial markets. Our vision is to transform how our clients can meet all of their currency needs with innovative and award-winning solutions. Under new ownership with significant ambitions to grow the business on the global stage, we are looking for highly motivated, passionate individuals who want to make a mark in a dynamic environment.
OANDA is looking for our next Security Analyst to join our growing information security team. This role will be based in Poland, with team members in both Poland and Canada. As a Security Analyst, you’ll be responsible for advancing the overall security maturity of the organization through developing and implementing our security program. You’ll form a key part of our security strategy by identifying and continually assessing our security posture against our internal security standards, industry best-practices, compliance and regulatory obligations and the constantly evolving global threat environment.
Reporting to the CISO, you’ll collaborate with the Security Engineers and analysts on your team to address gaps and build resiliency through a layered approach to security. OANDA’s vision is to transform how our clients can meet all of their currency needs with innovative and award-winning solutions.
- Teaching is core to scaling our security function; you’ll design and deliver education through formal (learning programs) and informal channels, including lunch and learns, training programs, design, and a strong presence on Slack. You will also own our security onboarding program in our Learning Management System.
- Evaluate, select and implement off-the-shelf solutions for vulnerability assessment, risk registration, business continuity, and security automation.
- Lead tabletop and red team exercises to help prepare our platform and our teams for potential security threats.
- Own and execute our security incident response process. Work as part of the blue team and assist the security engineers and developers during incidents, and perform forensic analysis of logs and events where necessary.
- Manage vendors through engagements such as third-party vulnerability assessments.
- Manage our bug bounty program and ensure that our teams meet our SLAs for remediation based on security – if possible, you’re welcome to do hands-on development to help meet this objective.
- Write and evaluate our security policies and standards to ensure they are in line with modern best practice (SANS, OWASP, NIST, etc.). Perform gap analyses and internal audits to ensure we are complying with our policies, and assist teams with remediation efforts where required.
- Help scale the impact of the security team through implementing DevSecOps practices – work with the development teams to set up automation tooling as part of our secure application development process. Perform code-review to ensure security- and privacy-by-design practices are followed.
- Security is everyone’s responsibility; help build a culture of security through continual advocacy and knowledge-sharing with your technical and non-technical colleagues.
- Lead the security aspect of our regulatory and compliance initiatives (including GDPR); work with our compliance department to complete internal and external audits and look for opportunities to streamline these activities through automation, templating, and mapping our compliance obligations to recognized security standards.
- Apply principles of least privilege and manage logical access controls for various systems across the organization, through implementing SSO, 2FA, onboarding and offboarding, audit, and automation.
- Work with on-premise and cloud-native security tools, such as AWS GuardDuty, Google Cloud Armor and Security Command Center, Rapid7, etc. to ensure our continued security and compliance.
- Make security performance metrics accessible through executive-level and granular metrics, dashboards, and ChatOps.
- Ensure customer privacy is respected through data classification and handling in our product platform, analytics, and back-office environments.
- Stay up to date with the latest industry best-practices and security landscape through involvement in security conferences and events (RSA, DefCon, BSides, etc).
Experience & Skills:
- Certifications (CIPP, CISSP, CIPM, CISM, CISA, CRISC, etc) are not required, but preference may be given to candidates with certifications or equivalent experience. Successful candidates may be given the opportunity to complete certifications during their employment.
- Preference given to those with membership in, or history of membership in, security industry groups such as IAPP, (ISC)².
- Working knowledge of security standards such as SOC2, ISO27001/ISO27002, NIST, OWASP, SANS, etc.
- Experience with compliance and regulation in the financial industry.
OANDA Global Corporation is a diverse and global team with offices around the world. We value the unique skills and experiences each individual brings to OANDA. We are committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide an inclusive and accessible environment for everyone. Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment and selection process, please let us know. We will work with you to provide as seamless a recruitment experience as possible.