StoneX

Staff Analyst/ SOC Analyst II

Job Locations: IN-Bangalore
Requisition ID: 2026-14667
Category: Information Technology
Position Type: Experienced Professional

Overview

StoneX is seeking an experienced SOC Analyst II (L2) to join our growing Global Security Operations Center. This role sits between front-line alert triage and senior/lead-level security operations, requiring strong investigative skills, sound judgment, and the ability to drive incidents toward resolution while continuously improving detections, processes, and team maturity. 

The SOC Analyst II plays a critical role in deep-dive investigations, incident response, and partnering with Detection Engineering, Threat Intelligence, and Security Engineering to improve overall security posture. 

This position is hybrid and requires 4 days per week in the office at one of the locations listed in the job posting. Shift assignments are variable and may change based on business needs, coverage requirements, and incident response demands. 

Responsibilities

Security Monitoring & Investigation 

  • Analyze, triage, and investigate complex security alerts across SIEM, EDR, network, identity, and cloud-based security tools. 
  • Perform deep-dive investigations to determine root cause, scope, impact, and risk of security events and incidents. 
  • Properly classify, escalate, and document alerts and incidents using frameworks such as MITRE ATT&CK. 
  • Lead investigations independently or with minimal supervision, coordinating with internal teams as needed. 

Incident Response 

  • Actively participate in and lead phases of incident response including identification, containment, eradication, and recovery in accordance with the Security Incident Response Plan. 
  • Provide clear, timely, and accurate updates during incidents to technical and non-technical stakeholders. 
  • Contribute to post-incident reporting, lessons learned, and improvement actions. 
  • Participate in a 24x7x365 security incident response on-call rotation. Shifts may be variable and adjusted as needed to support global coverage and major incident response. 

Detection, Automation & Tooling 

  • Partner with Detection Engineering, Threat Detection & Automation, and Security Engineering teams to improve alert quality, detection logic, and workflows. 
  • Provide feedback on false positives, detection gaps, and tuning opportunities. 
  • Contribute to automation efforts within SOAR platforms, including playbook development and enhancement. 
  • Assist in identifying log ingestion, parsing, or visibility gaps and recommend improvements. 

Threat Intelligence & Threat Hunting 

  • Integrate threat intelligence into investigations to enrich analysis and improve decision-making. 
  • Participate in threat hunting activities, developing hypotheses and executing hunts in coordination with Threat Intelligence. 

Documentation & Process Improvement 

  • Produce clear and high-quality incident reports, investigation notes, and technical documentation. 
  • Contribute to the creation and refinement of SOC processes, procedures, and runbooks. 
  • Help maintain operational metrics, KPIs, and investigation quality standards. 

Collaboration & Mentorship 

  • Serve as a technical mentor for team members, providing guidance, feedback, and informal training. 
  • Collaborate effectively with cross-functional teams including IT, Engineering, Legal, Risk, and Compliance. 
  • Promote consistent, repeatable investigation practices across shifts and regions. 

Qualifications

Required 

  • 3–5+ years of experience in cybersecurity, security operations, or incident response. 
  • Strong hands-on experience with SIEM platforms and alert investigation workflows. 
  • Experience investigating incidents involving endpoints, identity systems, networks, and cloud services. 
  • Familiarity with the MITRE ATT&CK framework and its application to investigations. 
  • Experience participating in or leading incident response activities. 
  • Ability to work independently and make sound decisions with limited supervision. 

Preferred 

  • Experience with SOAR platforms and security automation. 
  • Experience with EDR tools, firewalls, IDS/IPS, and network security technologies. 
  • Basic scripting or automation experience (e.g., Python, PowerShell, SQL). 
  • Experience working in a regulated or financial services environment. 
