So, what’s the role?

As the Security Analyst, you are responsible for operating and maintaining enterprise security tools and platforms, primarily in service of the protection of sensitive data. As a core member of the office of information security, you thrive in an immutable infrastructure and git-ops driven environment. You will interpret and can triage vulnerability disclosures, collaborate with stakeholders across Kin on technical solutions, and drive remediation activities.

A day in the life could include: 

• Working closely with stakeholders to gather technical requirements and execute on deliverables to bring engineered solutions to reality with a DevSecOps mindset & culture
• Collaborating with various stakeholders in multiple technical disciplines: including developers, business intelligence, data engineers, devops, quality assurance, and architects to support existing and implement new security solutions
• Operating and maintaining various security tools and practices like vulnerability management, security testing, security training,  SIEM, etc
• Performing industry research on new security protocols and methodologies
• Being part of  the planning, development, design, procurement, maintenance and implementation of security for enterprise-level systems
• Creating and implementing information systems cloud security best practices and mentoring company personnel 
• Guiding the engineering team in secure software development methodologies and best practices.
• Analyzing industry specific regulatory requirements, and contributing to policies and procedures
• Author risk assessment statements, remediation guidance, and status reports
• Develop tools to automate and refine vulnerability management processes

I’ve got the skills… but do I have the necessary ones?

• 3+ years of expertise in system, network, and/or application security
• 3 years experience in threat modeling and interpreting vulnerability disclosures
• 2 years of working knowledge building automated tools in Java, Python, Perl, PowerShell/UnixShell, or Ruby
• Working knowledge of one or more security tools: Antivirus/Anti-malware protection, vulnerability management scanners, forensic tools, Security Event Management (SIEM) management portals, Mobile Device Management tools, Data loss prevention management portals, etc
• Background as an Incident Response team member
• Proficient in various compliance and security control frameworks such as NIST, ISO 27001/27002, COBIT, ITIL, CSRC
• Previous work history at an organization that develops web-based application software
• Familiarity with immutable infrastructure, git-ops, terraform, automation and CI/CD pipelines.

Oh, and don’t worry, we’ve got you covered! 

• Medical, Dental and Vision Insurance (including 100% employer-paid plans)
• Flexible PTO policy 
• Very generous equity options and 401K
• Parental Leave
• Continuing education and professional development 
• Disability and Life Insurance 
• Onsite gym membership - when we return to the office (Chicago office only) 
• The excitement of joining a high-growth Insurtech company and seeing your work make an impact