IT Security Operations Analyst III
Bengaluru, KA, India
StoneX Group
We are an institutional-grade financial services franchise that provides global market access, clearing and execution, trading platforms and more.
Overview
Connecting clients to markets – and talent to opportunity
With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we’re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors. Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, The StoneX Group is made up of four segments that offer endless potential for progression and growth.
Corporate: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.
Position Purpose
Experience with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, logging and monitoring tools, EDR systems, network monitoring, and network-based security facilities.
Responsibilities
- Monitor and analyze data flows within the SIEM and across security tools to ensure comprehensive visibility and performance.
- Identify bottlenecks or inefficiencies and recommend improvements for log ingestion, parsing, and correlation.
- Design and implement logic for custom automations and detections, ensuring successful deployment to production environments.
- Develop and formalize standardized detection concepts and automation requirements, ensuring clear and actionable deliverables for the Detection Engineering and Automation team to implement and deploy in production environments.
- Partner with the Security Engineering and the Threat Detection and Automation teams to drive improvements in tool usage and workflow, as well as detection, response, and automation to mature monitoring and response capabilities.
- Establish performance objectives for team members.
- Motivate, teach, and develop team members as a part of continuous improvement.
- Measure team members against specified objectives, coaching them on how to improve where needed.
- Partner with other regional team leads to create globally consistent practices and drive improvements across the global team.
- Work with the Global Security Operations Center Manager to establish team objectives and improvement targets.
- Develop Threat Hunt plans in coordination with Threat Intelligence team.
- Lead the incident response process regionally in accordance with the Security Incident Response Plan.
- Manage security event investigations, partnering with other departments as needed.
- Produce incident reports for reportable incidents and maintain KPIs and metrics.
- Lead in scheduling resources regionally to ensure the best possible team coverage.
- Supervise the IT Security Operations team in your region and provide technical leadership in all aspects of Security Operations.
- Participate in a 24x7x365 major incident and shift security incident response on-call rotation.
- Pass the IKM Skills Assessment for the following exams: COMPTIA SECURITY+, CYBER SECURITY, and INFORMATION SYSTEMS SECURITY.
- Successfully complete a critical thinking test also known as a critical reasoning test.
This job might be for you if:
- You enjoy solving problems. You love taking on difficult challenges and finding creative solutions. If you don't know the answer, you'll dig until you find it.
- You like helping people. You get a kick out of getting people to those aha! moments. You are patient, level-headed, and cool under pressure. Teaching someone something new makes your day.
- You pay attention to details. As far as you're concerned, anything worth doing is worth doing right, every single time. You stay focused, and nothing falls through the cracks on your watch.
- You think on your feet. You like learning new things, and you can learn quickly. When things change, you know how to roll with the punches.
- You communicate clearly. You write well. You can explain just about anything to anyone, and you're comfortable communicating in writing, via teleconference, and in front of small to large technical or executive groups.
- You are motivated and driven. You volunteer for new challenges without waiting to be asked. You're going to take ownership of the time you spend with us and truly make a difference.
Qualifications
FUNCTIONAL/TECHNICAL KNOWLEDGE/SKILLS:
- You need to have experience in multiple technology verticals.
- Good organizational skills are a must as well as the ability to motivate a team to success.
- 4+ years of experience as a security analyst or engineer or cybersecurity leader/supervisor.
- 4+ years of experience in security Investigations/Triage/Deep Dive analysis along with extensive experience in leveraging SIEM platforms.
- Must have experience with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, logging and monitoring tools, EDR systems, network monitoring, and network-based security facilities.
- Experience with firewall technology.
- Leadership experience managing and performing incident response.
- General familiarity with basic scripting/programming, for example Python, PowerShell, or SQL.
- Ability to coach and mentor all levels of skillsets within the team.
- Knowledge of Linux administration from the command line and Windows system administration.
- Excellent problem-solving skills and a keen ability to diagnose and troubleshoot technical issues.
- Well spoken and articulate, with attention to detail and excellent writing abilities.
- Must be able to communicate technical details in a clear manner.
- Ability to manage multiple projects/tasks.
- Leverages strategic and tactical thinking.
- Works calmly under pressure and with tight deadlines.
- Demonstrates effective decision-making skills.
- Is highly trustworthy and leads by example.
- Stays current with the evolving threat landscape.
EDUCATION/CERTIFICATION REQUIREMENTS: in at least two of the following:
- Bachelor’s degree in information security, Information Assurance, Information Systems, or other related fields.
- Certified Information Systems Security Professional (CISSP); CompTIA Security+/CySA+ are a plus
- Certified Information Security Manager (CISM)
- Information Security System Management Professional (ISSMP)
- SANS related certifications (GSE, GCIA, GCED, GCIH etc.)
- Other field appropriate certifications may be considered
Tags: Active Directory Automation CISM CISSP CompTIA EDR Firewalls GCED GCIA GCIH Incident response Intrusion detection KPIs Linux Monitoring PowerShell Python SANS Scripting SIEM SOC SQL Teaching Threat detection Threat intelligence Windows
Perks/benefits: Career development