Security Operations Analyst

at CMG
  • Remote - Brazil, Argentina

Remote

Cybersecurity

Mid-level

Job description

The Company

Capital Markets Gateway LLC (CMG) is a financial technology firm, uniquely focused on the equity capital markets (ECM), connecting investors and underwriters via a neutral platform. CMG delivers integrated ECM data and analytics, unrivalled transparency into deal flow, and workflow efficiencies for an otherwise fragmented and inefficient process. Providing a digital system of record for firm-wide deal activity, CMG helps clients make more timely, better-informed decisions. Launched in 2017 by a team of ECM practitioners, CMG has completed two successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 20 global investment banks. For more information, please visit www.cmgx.io.

The Role

As a Security Operations Analyst at CMG, you will play a pivotal role in protecting our technology stack, data, and users. You will work closely with Security, IT, and Engineering teams to ensure the security, resilience, and compliance of our cloud-first, distributed environment. This is a remote position with an expectation of high autonomy, initiative, and the ability to drive improvements across security operations and IT security.

Our Engineering Team

The CMG engineering team consists of domain experts who work collaboratively within a culture of cross-domain knowledge sharing. We value engineers who are passionate about modern technologies and best practices.

Our engineers are willing to challenge the status quo and are constantly seeking improvement and efficiency in our code-base and platform. CMG engineers are empowered to explore solutions and bring recommendations to the table. We are in a period of making impactful engineering decisions. As part of our process, we believe in taking the time for research and prototyping - this is critical in making the right decisions.

Given the experience of our team, we have naturally adopted best practices from local development, through code review and into production rollouts. Besides the standard pull requests, test automation, code coverage tracking, containerization, and one-click deployments we are constantly reviewing these foundational components to develop new best practices

Security Operations & Incident Response

  • Monitor, triage, and respond to security alerts and incidents across endpoints, cloud, and SaaS environments.
  • Conduct root cause analysis, document incidents, and assist with post-incident reviews.
  • Develop and maintain incident response playbooks; participate in tabletop exercises.

Endpoint & IT Security

  • Administer and enhance endpoint security for macOS and Windows, supporting company-owned devices.
  • Develop and manage endpoint hardening baselines, configurations, and compliance reporting.
  • Support automation and scripting efforts (e.g., PowerShell, Bash, Python) to improve monitoring and response.

Cloud & SaaS Security

  • Support security and compliance controls in Azure AD, Office 365, and key SaaS platforms.
  • Implement and monitor access controls, DLP policies, and secure configurations for cloud and SaaS solutions.
  • Collaborate with IT and Engineering on secure deployment and integration of new applications.

Risk Management & Security Governance

  • Participate in third-party and vendor risk reviews; contribute to risk assessments and audits.
  • Support the development and maintenance of security policies, procedures, and runbooks.
  • Track vulnerabilities (OWASP, CVSS), prioritize remediation with risk-based approaches, and maintain an up-to-date inventory of assets.

Collaboration & Communication

  • Engage proactively with peers and stakeholders across security, engineering, and business teams.
  • Deliver clear, actionable communication on risks, incidents, and security posture—tailored to both technical and non-technical audiences.

Required Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or related field—or equivalent work experience.
  • 3+ years in security operations, IT security, or similar roles (fintech/regulated industry experience preferred).
  • Strong proficiency in macOS and Windows 11 operating systems.
  • Hands-on experience with MDM/endpoint management tools (e.g., Intune)
  • Working knowledge of BYOD security, scripting/automation, and cloud (Azure, O365) administration.
  • Familiarity with SaaS security, DLP, CASB, and vulnerability management tools.
  • Understanding of security frameworks (NIST CSF, ISO 27001) and regulatory requirements.
  • Strong analytical, investigative, and problem-solving skills.
  • Excellent written and verbal communication; ability to work independently and collaboratively.

Preferred Qualifications

  • Experience with scripting (PowerShell, Bash, Python).
  • Experience with SIEM (Microsoft Sentinel)
  • Certifications: CompTIA Security+, Microsoft Certified: Security Operations Analyst Associate, or similar.
  • Exposure to security governance, risk management, and vendor risk processes.
  • Knowledge of security operations in a distributed, remote-first environment.

Our Tech Stack

  • Latest .NET version for our backend services
  • Entity Framework for our ORM
  • MassTransit and RabbitMQ for messaging
  • xUnit.net + Moq + FluentAssertions for testing
  • Hangfire for our background processing
  • Federated GraphQL .NET server running in Hot Chocolate
  • Docker + Kubernetes for microservice orchestration
  • PostgreSQL for relational db
  • Redis Cache for distributed caching and real-time messaging
  • Istio for our cluster service mesh
  • Swashbuckle for swagger generation
  • Microsoft Azure services for hosting and operations, soon to be cross-cloud
  • DataDog, Grafana and OpenTelemetry
  • GitHub for our Version Control
  • React with TypeScript on our front-end
  • React Native for Mobile App Development

Our Values

  • We innovate with purpose
  • We focus on outcomes vs. output
  • We believe diverse and inclusive teams fuel innovation
  • We are humble yet candid
  • We do right by the customer

What We Offer

  • 2 year+ contract
  • 15 business days of vacation
  • Tech courses and conferences
  • Top-of-the-line MacBook
  • Fully remote working environment
  • Flexible working hours

At CMG, we accept nothing less than equity, inclusion and belonging for all. We are deeply committed to listening, learning and constantly improving for the betterment of our teams, clients and communities. CMG is proud to be an Equal Opportunity Employer.

Share this job:
Please let CMG know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

CMG logo

CMG

Modernizing equity capital markets

  • 51-200 employees
  • Founded in 2015
  • 5 remote jobs
View all jobs

Latest Jobs at CMG

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply