Job Description

Overview: A SOC Team Analyst III is a subject matter expert responsible for managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the Level 2 Analysts. The SOC Team Analyst III is responsible for coordinating and leading the StoneX Incident Response process when necessary and managing incidents throughout the event life cycle. SOC Team Analyst III will further an investigation and ensure root cause and resolution for metrics, tracking, lessons learned are compiled, documented, and disseminated in conjunction with the SIRP process.
They will provide insight and expertise to examine malicious code (malware), attack vectors, network communication methods, analyze threats against target systems and networks, determine target network capabilities and vulnerabilities, support development and maintenance of new tools and techniques to exploit specific targets, and produce technical after-action reports in support of the SOC. SOC Team Analyst III will be the focal point for critical security alerts, Events and Incidents and will serve as subject matter experts in providing recommendations to the SOC Manager and other members of Information Security and IT management for escalation and remediation. SOC Team Analyst III are also responsible for training and mentoring their Level 1/2 Analysts to improve SOC Analyst capability and maturity.
Finally, SOC Team Analyst III will work with the Level 2 Analysts, Detection and Security Engineers to develop and refine use cases within XSOAR focusing on emerging threats. This role will be working UK business hours. Responsibilities:

• Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
• Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
• In coordination with the Team Lead, establish performance objectives for team members.
• Motivate, teach, and develop team members as a part of continuous improvement.
• Partnering with the regional team leads and other L3 analysts to create globally consistent practices and drive improvements across the global team.
• Work with the Global Security Operations Center Manager to establish team objectives and improvement targets.
• Partnering with the Security Engineering and Threat Intelligence teams to drive improvements in tool usage and workflow, as well as detection, response, and automation to mature monitoring and response capabilities.
• Developing Threat Hunt plans in coordination with Threat Intelligence

• Lead the incident response process regionally in accordance with the Security Incident Response Plan.

• Manage security event investigations, partnering with other departments as needed.

• Responsible for production of incident report for reportable incidents and maintaining KPIs and Metrics.
• Lead in scheduling resources regionally to ensure best possible team coverage.
• Participating in a 24x7x365 major incident and shift security incident response on-call rotation.
• Pass IKM Skills Assessment for the following exams: COMPTIA SECURITY+, CYBER SECURITY, and INFORMATION SYSTEMS SECURITY.
• Successfully complete a critical thinking test also known as a critical reasoning test.

Qualifications: CRITICAL THINKING SKILLS:

• Critical reasoning skills: Logical thinking; Organizational skills; and Decision making.

This job might be for you if:

• You enjoy solving problems. You love taking on difficult challenges and finding creative solutions. If you don\'t know the answer, you\'ll dig until you find it.
• You like helping people. You get a kick out of getting people to those aha! Moments. You are patient, level-headed, and cool under pressure. Teaching someone something new makes your day.
• You pay attention to details. As far as you\'re concerned, anything worth doing is worth doing right, every single time. You stay focused, and nothing falls through the cracks on your watch.
• You think on your feet. You like learning new things, and you can learn quickly. When things change, you know how to roll with the punches.
• You communicate clearly. You write well. You can explain just about anything to anyone, and you\'re comfortable communicating in writing, via teleconference, and in front of small to large technical or executive groups.
• You are motivated and driven. You volunteer for new challenges without waiting to be asked. You\'re going to take ownership of the time you spend with us and truly make a difference.

FUNCTIONAL/TECHNICAL KNOWLEDGE/SKILLS:

• You need to have experience in multiple technology verticals.
• Good organizational skills are a must as well as the ability to motivate a team to success.
• 4+ years of experience as a security analyst or engineer or cybersecurity leader/supervisor.
• 4+ years of experience in security Investigations/Triage/Deep Dive analysis.
• Must have experience with security-related technologies including active directory, host-based firewalls, host-based intrusion detection systems, logging, and monitoring tools, EDR, and EDR systems, network monitoring and network-based security facilities.
• Experience with firewall technology.
• Leadership experience managing and performing incident response.
• Generally familiar with basic scripting/programming: Examples such as: Python, PowerShell, SQL.
• Ability to coach and mentor all levels of skillsets within the team.
• Knowledge of Linux administration with command line and Windows administration/system.
• Excellent problem-solving skills and keen ability to diagnose and troubleshoot technical issues.
• Well spoken, articulate, attention to detail, with excellent writing abilities.
• Must be able to communicate technical details in a clear manner.
• Ability to manage multiple projects/tasks.
• Leverages strategic and tactical thinking.
• Works calmly under pressure and with tight deadlines.
• Demonstrates effective decision-making skills.
• Is highly trustworthy and leads by example.
• Stays current with evolving threat landscape.

EDUCATION:/ CERTIFICATION REQUIREMENTS: in at least two of the following:

• Bachelor\xe2\x80\x99s degree in information security, Information Assurance, Information Systems, or other related fields.
• Certified Information Systems Security Professional (CISSP), CompTIA SEC+/CySA + (are a plus).
• Certified Information Security Manager (CISM).
• Information Security System Management Professional (ISSMP).
• SANS related certifications (GSE, GCIA, GCED, GCIH etc.)
• Other field appropriate certifications may be considered.

PHYSICAL REQUIREMENTS/WORKING CONDITIONS:

• Climate controlled office environment.
• Minimal physical requirements other than occasional light lifting of boxed materials.
• Dynamic, time-sensitive environment.

StoneX Group Inc. is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.