Who are we looking for

An experienced security analyst with expertise in network security monitoring (NSM) or network traffic analysis (NTA). This person will join State Street’s Security Platforms team, which is responsible for designing, configuring, and supporting the key security tools supporting our Cyber Fusion Center. Success in this role will require security knowledge, expertise with security platforms and network traffic, and problem solving skills.

What will you be responsible for

• Ensuring the security of State Street by delivering the most capable and reliable security tools for our incident responders and threat hunters
• Managing some of the key network security controls at State Street, specifically a set of tools which provide NSM, network IDS / IPS, and other detection methods at the network level
• Maintaining our network-related platforms to ensure high reliability, availability, and performance
• Tuning and upgrading system components, following internal testing and change management processes
• Monitoring the coverage or visibility of our network-related platforms to ensure effective detection and response of network threats
• Maintaining situational awareness for changes which might affect network traffic capture or other key capabilities
• Delivering rapid and effective solutions to emerging security threats and new requirements
• Educating other teams within the Cyber Fusion Center on the capabilities and use cases of our security platforms, including in threat detection, incident response, threat hunting, and insider investigations
• Contributing to projects that improve current capabilities, drive adoption, and enable future growth
• Implementing novel technical solutions to integrate internal systems and automate repetitive processes, in order to improve security, boost efficiency, and increase the value of our platforms

What we value

• Experience operating and supporting tools for IR, threat detection, or threat hunting at the network level (e.g., Bro / Zeek, Suricata, Security Onion, FireEye NX, Fidelis, Corelight, Sourcefire / Firepower)
• Familiarity with a range of open source and commercial NSM tools, including their use cases, capabilities, and limitations
• Strong foundational security knowledge, specifically in large and complex organisations
• Understanding of current security threats and other challenges, as well as frameworks like MITRE ATT&CK
• Experience of a 24/7 security operations environment emphasising speed of response, reliability, and tool availability
• A desire to learn, combined with a collaborative work style and strong personal work ethic
• Strong communication and presentation skills, both verbal and written

Education & Preferred Qualifications

• This is a role for an experienced security professional, expected to have 5+ years of relevant security and systems management experience (at least 3 years in security)
• This role requires an understanding of network traffic analysis and enterprise network architectures
• A degree is not required for this role, but a qualification in information security or information systems may be beneficial
• Experience with scripting, system integration, or light development would be beneficial (e.g., Python, PowerShell, other scripting)
• Networking and security certifications may be beneficial, in particular relevant product certs
• Experience with endpoint detection and response (EDR), advanced anti-malware, and other endpoint security tools may be beneficial
• Experience in distributed, international teams would be beneficial
• Experience in financial services may be beneficial

Additional Requirements

• This team supports 24/7 operations, therefore participation in an on-call rotation is required