Threat Intelligence & Vulnerability Management Analyst

Duplo
Duplo

IT

Lagos, Nigeria

Posted on Jul 15, 2026

Duplo is a Lagos-based fintech startup that enables businesses in Africa to automate their spend management, simplify cross-border payments, and control business finances all on one platform.

We want to make B2B payments as simple as P2P payment apps. Most business payments in Africa are made offline….yikes. We are on a mission to transform this. We are backed by top investors including Tribe Capital, Commerce Ventures, Liquid2 Ventures, My Asia VC, Soma Capital, YCombinator, Oui Capital, and others.

This is a unique opportunity. You'll have the responsibility and resources to take a significant part in the creation of a paradigm-changing product that will impact millions.

The Threat Intelligence & Vulnerability Management Analyst is responsible for identifying, analyzing, and mitigating cybersecurity threats and vulnerabilities across the organization’s technology landscape. The role combines technical cybersecurity operations with Governance, Risk, and Compliance (GRC) capabilities to ensure vulnerabilities, emerging threats, and security risks are proactively managed in alignment with regulatory requirements, industry standards, and organizational risk appetite.

We are looking for a Threat Intelligence & Vulnerability Management Analyst (Contract) who will support cyber threat intelligence operations, vulnerability assessments, penetration testing coordination, remediation tracking, risk reporting, compliance monitoring, and security governance initiatives across infrastructure, applications, cloud environments, and third-party ecosystems.

Responsibilities:

Threat Intelligence Management

  • Monitor and analyze cyber threat intelligence feeds, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs).
  • Conduct threat hunting activities and provide actionable intelligence to relevant stakeholders.
  • Track emerging cyber threats, ransomware campaigns, vulnerabilities, and attack trends relevant to the financial sector.
  • Produce threat intelligence advisories, alerts, and situational awareness reports.
  • Collaborate with SOC, Incident Response, and Engineering teams during security investigations and incidents.

Vulnerability Management

  • Conduct vulnerability assessments across servers, endpoints, databases, applications, cloud, and network devices.
  • Coordinate periodic penetration testing and remediation activities.
  • Validate remediation actions and ensure closure of identified vulnerabilities within agreed timelines.
  • Maintain vulnerability dashboards, risk registers, and remediation trackers.
  • Analyze vulnerability trends and provide risk-based recommendations to management.
  • Ensure timely patch management coordination with infrastructure and application teams.

Governance, Risk & Compliance (GRC)

  • Support compliance with regulatory and industry requirements, including CBN Cybersecurity Framework, NDPC, ISO/IEC 27001, ISO/IEC 22301, ISO/IEC 20001, and PCI DSS.
  • Perform cyber risk assessments and control effectiveness reviews.
  • Assist in policy development, control reviews, and cybersecurity governance reporting.
  • Maintain risk registers, exception registers, and compliance evidence repositories.
  • Support internal and external audits, regulatory examinations, and compliance reviews.

Security Monitoring & Reporting

  • Develop and maintain cybersecurity metrics, dashboards, and executive reports.
  • Monitor vulnerability remediation SLA compliance.
  • Provide periodic reports on cyber risks, threat exposure, and compliance posture.
  • Support continuous improvement of cybersecurity controls and operational resilience.

Stakeholder Engagement

  • Work closely with IT Engineering, DevOps, Risk & Compliance teams.
  • Provide security advisory support for projects, system upgrades, and digital transformation initiatives.
  • Conduct awareness sessions on cyber threats and vulnerability management best practices.

Requirements:

  • Bachelor’s Degree in Computer Science, Information Security, Cybersecurity, Information Technology, Engineering, or related discipline.
  • Relevant certifications such as CEH, Security+, CySA+, CTIA, CISSP, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, COBIT 2019 Foundation, or CGRC are preferred.
  • Minimum of 2-3 years’ experience in cybersecurity operations, vulnerability management, threat intelligence, and GRC.
  • Experience within banking, fintech, telecommunications, or highly regulated industries is an advantage.
  • Strong knowledge of cybersecurity principles, including threat intelligence, vulnerability management, incident response, SIEM tools, cloud security fundamentals, security governance, and regulatory compliance.
  • Strong knowledge of cybersecurity principles, including threat intelligence, vulnerability management, incident response, SIEM tools, cloud security fundamentals, security governance, and regulatory compliance.
  • Ability to analyze security risks, solve problems, communicate effectively, collaborate with stakeholders, maintain confidentiality, and demonstrate strong attention to detail and continuous learning.
  • Excellent analytical thinking/problem solving skills
  • Excellent communication and reporting skills