Senior Security Analyst

Lead is a fintech building banking infrastructure for embedded financial products and services. We operate an FDIC-insured bank headquartered in Kansas City, Missouri. Additionally, we have offices in San Francisco, Sunnyvale, and New York City, where our technical, product, design, and legal teams operate.

We are built for a constantly evolving financial landscape, where new ventures and technological advancements emerge daily. Guided by a team of entrepreneurs and technologists with decades of experience navigating intricate banking and payments regulations, Lead blends regulatory and technological expertise to help our fintech partners scale their operations with compliance and creativity.

Simply put, Lead offers the essential attributes that every fintech seeks in a partner bank. First, unparalleled technical expertise from a distinguished team of developers with an extensive understanding of the banking and payments systems. Second, oversight expertise, automated compliance systems, and bespoke program management to navigate the ever-shifting regulatory landscape. Finally, a commitment to transparency and operational rigor to ensure everyone’s money does what it’s supposed to do.

Role Description

Lead Bank is looking for a Senior Security Analyst to join our Security Operations team. You'll be a core contributor to our detection and response capabilities — building detections, triaging alerts, responding to incidents, and proactively hunting threats across cloud infrastructure, security tooling, and data pipelines. You'll mentor junior analysts and partner with leadership to drive our security posture forward. Your expertise will be vital in navigating the complex regulatory landscape of the banking industry and defending against advanced persistent threats.

In this role you will:

• Build, tune, and maintain detection rules and alerts in our SIEM, writing queries to identify threats and coverage gaps aligned to MITRE ATT&CK

• Own incident response execution end-to-end — containment, eradication, recovery, and lessons learned — including forensic log analysis and post-incident reporting

• Monitor and investigate security events across endpoints, cloud (AWS), identity, and network telemetry — identifying misconfigurations, anomalous activity, and suspicious behavior

• Assist with security audits and regulatory examinations, ensuring timely and accurate security documentation and evidence is provided

• Analyze systems, applications, and networks for security configurations in partnership with security engineers.

• Manage log pipelines including ingestion, parsing, normalization, and enrichment to ensure high-fidelity data is available for detection and investigation

• Triage and prioritize vulnerability findings using risk-based frameworks and track remediation SLAs with IT and Engineering

• Collaborate with Engineering on IaC and CI/CD security reviews, and contribute to runbooks and playbooks

• Perform all other duties as assigned

What we are looking for:

Required

• 5+ years in information security or security operations

• Hands-on SIEM experience with query writing, detection building, and alert tuning

• Strong working knowledge of cloud security concepts and services (AWS preferred; GCP and Azure also considered)

• Proficiency working with logs across endpoint, cloud, network, identity, and application sources

• Understanding of CI/CD pipelines and IaC (Terraform, CloudFormation) from a security perspective

• Solid grasp of Windows, macOS, and Linux internals — processes, persistence mechanisms, and attacker TTPs

• Demonstrated IR experience, including leading or contributing to investigations

• Familiarity with data normalization, log parsing, and ETL concepts

• Strong written and verbal communication skills

Preferred

• Experience with log routing, transformation, and enrichment

• Hands-on experience with an enterprise EDR/XDR platform and its ecosystem tooling — SOAR, exposure management, and identity protection

• Experience with network security tools and interpreting proxy or web traffic logs Background in a regulated industry (financial services, healthcare) with familiarity with NIST CSF, GLBA, or FFIEC

• Scripting or automation experience (Python, Bash) for detection engineering, workflow automation, and version-controlled code in GitHub

• Relevant certifications: CISSP, GCIH, GCIA, GCED, CEH, GDSA, or equivalent

Nice to Have

• Detection as Code experience using version-controlled detection content

• Exposure to identity security tooling

What we offer:

At Lead, we design our benefits to support company culture and principles, to foster an efficient and inspiring work environment, and to create the conditions for our team to give their best in both work and life

• Competitive compensation based on experience, geographic location, and role

• Medical, Dental, Vision, Life, 401k Matching, and other wellness benefits, including FSA, HSA and HRA

• Paid parental leave

• Flexible vacation policy, including PTO and paid holidays

• A fun and challenging team environment in a dynamic industry with ample opportunities for career growth

*Lead Bank is proud to have an inclusive culture committed to ensuring equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.

*Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

**Our compensation reflects the cost of labor across several US geographic markets. Pay is based on a number of factors and may vary depending on geographical market location, job-related knowledge, skills, and experience. These ranges may be modified in the future.

Zone 1: $142,875 - $170,910 (SF/Bay Area, NYC, Seattle)

#LI-AG1