Overview
The security engineer is responsible for implementing, maintaining, monitoring and managing secure solutions. The engineer delivers these solutions in accordance with the organization’s architectural designs, best practices, and regulatory or compliance requirements. As risks change, the security engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.
Responsibilities
- Research, recommend, perform proofs of concept (POCs), and implement information security solutions that identify and/or protect against potential threats.
- Continually maintain and mature security products to align with business needs.
- Document enterprise security products, their implementation, associated procedures, and team responsibilities.
- Assist in identifying opportunities to improve our processes.
- Act as point of contact with vendors for security products.
- Act as a point of escalation for security products.
- Assist with incident response and help triage major security events and incidents with Security Operations personnel.
- Understand business requirements and align them to security solutions.
- Respond to and handle service and escalation tickets within SLA expectations.
- Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted.
Qualifications
- Good understanding of a wide range of security tools and concepts. This includes Endpoint Detection and Response (EDR), secure email gateways, vulnerability management, threat intelligence, web security gateways, Cloud App Security Brokers (CASB), and Data Loss Prevention (DLP).
- Basic understanding of additional technical concepts such as identity, networking, endpoints (Windows, macOS, iOS, Android), servers (Linux and Windows), and scripting languages (Python and PowerShell).
- General knowledge of security industry standards (NIST, PCI, ISO), best practices (ITIL), regulations (SOX, FINRA), news, and other relevant cybersecurity information.
- Must be able to perform routine duties with minimal supervision, and must demonstrate the ability to solve practical problems and deal with a variety of situations where only limited standardization exists.
- Communicate technical issues and concepts both verbally and in writing to audiences of varying technical backgrounds.
- Good organizational skills are a must as well as the ability to work successfully within a team.
- 7-10+ years of overall technology experience. Prefer a diverse background including security, networking, compute, storage, and endpoint.
- 7-10+ years of experience as a security analyst or engineer.