Staff Analyst/ SOC Analyst II at StoneX Group
Bengaluru, Karnataka, India
Full Time


Start Date

Immediate

Expiry Date

26 May, 26

Salary

0.0

Posted On

25 Feb, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security Monitoring, Investigation, Incident Response, SIEM, EDR, Cloud Security Tools, MITRE ATT&CK, Containment, Eradication, Recovery, SOAR, Threat Intelligence, Threat Hunting, Documentation, Process Improvement, Mentorship

Industry

Financial Services

Description
Overview

StoneX is seeking an experienced SOC Analyst II (L2) to join our growing Global Security Operations Center. This role sits between front-line alert triage and senior/lead-level security operations, requiring strong investigative skills, sound judgment, and the ability to drive incidents toward resolution while continuously improving detections, processes, and team maturity. The SOC Analyst II plays a critical role in deep-dive investigations, incident response, and partnering with Detection Engineering, Threat Intelligence, and Security Engineering to improve overall security posture.

This position is hybrid and requires 4 days per week in the office at one of the locations listed in the job posting. Shift assignments are variable and may change based on business needs, coverage requirements, and incident response demands.

Responsibilities

Security Monitoring & Investigation
Analyze, triage, and investigate complex security alerts across SIEM, EDR, network, identity, and cloud-based security tools.
Perform deep-dive investigations to determine root cause, scope, impact, and risk of security events and incidents.
Properly classify, escalate, and document alerts and incidents using frameworks such as MITRE ATT&CK.
Lead investigations independently or with minimal supervision, coordinating with internal teams as needed.

Incident Response
Actively participate in and lead phases of incident response including identification, containment, eradication, and recovery in accordance with the Security Incident Response Plan.
Provide clear, timely, and accurate updates during incidents to technical and non-technical stakeholders.
Contribute to post-incident reporting, lessons learned, and improvement actions.
Participate in a 24x7x365 security incident response on-call rotation. Shifts may be variable and adjusted as needed to support global coverage and major incident response.

Detection, Automation & Tooling
Partner with Detection Engineering, Threat Detection & Automation, and Security Engineering teams to improve alert quality, detection logic, and workflows.
Provide feedback on false positives, detection gaps, and tuning opportunities.
Contribute to automation efforts within SOAR platforms, including playbook development and enhancement.
Assist in identifying log ingestion, parsing, or visibility gaps and recommend improvements.

Threat Intelligence & Threat Hunting
Integrate threat intelligence into investigations to enrich analysis and improve decision-making.
Participate in threat hunting activities, developing hypotheses and executing hunts in coordination with Threat Intelligence.

Documentation & Process Improvement
Produce clear and high-quality incident reports, investigation notes, and technical documentation.
Contribute to the creation and refinement of SOC processes, procedures, and runbooks.
Help maintain operational metrics, KPIs, and investigation quality standards.

Collaboration & Mentorship
Serve as a technical mentor for team members, providing guidance, feedback, and informal training.
Collaborate effectively with cross-functional teams including IT, Engineering, Legal, Risk, and Compliance.
Promote consistent, repeatable investigation practices across shifts and regions.

Qualifications

Required
3–5+ years of experience in cybersecurity, security operations, or incident response.
Strong hands-on experience with SIEM platforms and alert investigation workflows.
Experience investigating incidents involving endpoints, identity systems, networks, and cloud services.
Familiarity with the MITRE ATT&CK framework and its application to investigations.
Experience participating in or leading incident response activities.
Ability to work independently and make sound decisions with limited supervision.

Preferred
Experience with SOAR platforms and security automation.
Experience with EDR tools, firewalls, IDS/IPS, and network security technologies.
Basic scripting or automation experience (e.g., Python, PowerShell, SQL).
Experience working in a regulated or financial services environment.
Responsibilities
The SOC Analyst II will conduct deep-dive investigations, lead incident response phases like containment and eradication, and partner with engineering teams to enhance detection logic and workflows. Responsibilities also include participating in 24x7 on-call rotations and contributing to process refinement and documentation.