Security Operations Analyst II - Commonwealth Financial Network
Waltham, MA
About the Job
Overview
If you’re looking for a high-energy, inclusive atmosphere and a company that understands the importance of work/life balance, Commonwealth is your match! From generous bonus and 401(k) programs to tuition reimbursement and flexible work schedules, Commonwealth is focused on helping its employees thrive in an environment suited to their needs. On top of all that, the Information Security department offers a hybrid work schedule, so you’ll be able to work from home for part of the week!
We’re looking for a security operations analyst to join our ranks. Our vision is to be recognized as a leading Information Security function within the financial sector leader and trusted partner delivering indispensable, and reliable services to our advisors, customers, and communities. As a security operations analyst, you will be a key member of the Information Security Operations team. This position is critical to the success of operational capabilities and in providing excellent services in defending CFN infrastructure and the clients we serve. The role itself will help to engineer analytic capabilities, enhance security automation, and facilitate incident response best-practices. You will work collaboratively with the Information Security teams to ensure solutions and services are designed and adopted effectively.
This role is ideal for those seeking a challenge in a growing business, providing indispensable services to our user communities, and being part of its success. The security operations analyst will be a key member of our SOC team, responsible for monitoring, detecting, and responding to security threats and incidents. The ideal candidate will be proactive, analytical, and have a deep understanding of the cybersecurity landscape.
Key Responsibilities
- Acting as a dedicated team member and escalation resource within the CFN Security Operations team.
- Alert Triage: Monitoring security alerts, analyzing and prioritizing them based on potential impact and severity.
- Incident Detection and Response: Acting as Incident Owner, alongside SOC Incident Manager & the user, to see incidents through the incident response lifecycle to ensure swift mitigation and recovery.
- Continuous Improvement: Driving the refinement of SOC standard operating procedures, analytic rules, playbooks, and other commonly consumed SOC resources.
- Security Automation: Collaborating with CFN Security Operations team members to design and implement security automation workflows.
- Strategic Advisory: Acting as a trusted advisor to internal teams, offering guidance and security requirements to ensure secure project execution and regulatory compliance.
- Documentation and Reporting: Maintaining meticulous documentation of incidents, analysis findings, lessons learned, and providing relevant dashboards and metrics for continuous improvement.
Core Strengths and Skills
- Educational Background: Have a Bachelor’s degree in information systems, information security, or a related field.
- Extensive Experience: Bring 3-5 years of experience in Security Operations or Security Incident Response to the table.
- Attack Landscape Mastery: Demonstrate a profound understanding of common attack vectors, vulnerabilities, and effective mitigation strategies.
- Cloud Security Proficiency: Exhibit expertise in Azure public cloud services, and associated security best practices.
- EDR/IDS/IPS Fluency: Showcase proficiency with EDR/IDS/IPS solutions, such as SentinelOne and Microsoft Defender.
- MITRE ATT&CK Alignment: Have experience aligning defensive security capabilities with MITRE ATT&CK framework.
- Hybrid Network Expertise: Excel in monitoring and enhancing detection capabilities in hybrid network architectures and complex topologies.
- Analytical Brilliance: Possess strong analytical and problem-solving skills, coupled with a keen attention to detail and a proactive mindset.
Additional Desirable Skills and Knowledge
- Certifications: Hold relevant certifications such as GCIH, GCIA, GCFA, GREM, OSCP, which underscore your expertise.
- Automation: Proficiency in scripting languages like Python, Bash, and PowerShell.
- Framework Familiarity: Familiarity with common information security management frameworks, including NIST and CIS.
- Regulatory Familiarity: Understand best practices, control frameworks, and applicable legal/regulatory requirements (e.g., SEC S-P Rule, FINRA recommendations, data privacy laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, PCI DSS).
Have we piqued your curiosity? Can you see yourself thriving in this opportunity?
Picture Yourself Here
At Commonwealth, we believe in a better world. We hold ourselves and each other to higher standards. We take care of one another. That’s why we invest in you—we encourage employee growth both in your career and education; we are building out a robust diversity, equity, and inclusion program; we offer incredible health care benefits; and we find plenty of occasions to celebrate. What’s not to love?
We are always striving to be better, and we are looking for employees who share that same mindset. Better people, better coworkers, better leaders, better creators. Bring your best work and your full self to the table, and we will do the same. Together, we can build a better future for our advisors, their clients, our company, and you.
About Commonwealth
Commonwealth Financial Network, Member FINRA/SIPC, a Registered Investment Adviser, provides a suite of business solutions that empowers more than 2,000 independent financial advisors nationwide. Privately held since 1979, the firm has headquarters in Waltham, Massachusetts; San Diego, California and a new office opening soon in greater Cincinnati, Ohio.
Turning our advisors into raving fans starts by doing the same for our employees. We foster an environment of excellence, growth, rewards, and fun in equal measure, which has earned us 44 Best Place to Work awards.
The Fine Print
We care about your online safety as a prospective employee and encourage you to exercise caution when responding to job postings online. Commonwealth will never ask potential hiring candidates to pay or transfer funds as a precondition of interviews or employment, nor will we authorize recruiters or agents to do so on our behalf.
Commonwealth is an equal opportunity employer, making intentional efforts to source talent from all backgrounds.