Information Security Analyst

About the job

Posted Date: Jan 4, 2023

Employment Type: Full Time

Brinks Texas License #C00550

The Brink’s name is a promise to respect the trust we’ve earned in over 150 years in business. Every employee honors that promise by offering the highest levels of service and support to our customers. We take pride in our work, and we share a passion about our future. Learn why so many people have made the choice to join our team – and stay here.

Job Title

Information Security Analyst

Job Description

Level 2 GSOC Analysts typically have 3+ years of experience, having more experience in cybersecurity event/incident assessment and deeper understanding of risk, threat, and vulnerability analysis. It is expected that analysts be available for extended hours/shifts for cybersecurity monitoring and incident response.

Detailed Responsibilities

Level 2 GSOC Analysts is expected to be able to perform all L1 functions. The Level 2 GSOC Analyst is familiar with cybersecurity incident response processes (NIST 800-61) and serves as the escalation point for L1 GSOC analysts for cybersecurity events, prioritizing multiple security issues and daily operational tasks. The Level 2 GSOC Analyst provides additional insight into events and continues higher level investigations. Level 2 Analysts are also responsible for performing preliminary threat hunting, toolset alert generation and tuning, and leading all levels of cybersecurity event, and low severity incident, response investigations. These individuals work closely with several other security teams, technical SMEs, and business unit contacts to resolve security events incidents and work towards improving Brinks’ overall security posture.

Operational Responsibilities

• Analyze, document, and report on potential security incidents identified in environments, including provide recommendations to correct day-to-day technology issues that impact the infrastructure.
• Receive escalations from L1 analysts for action and response, identifying threat events, and further escalating to L3 analysts as appropriate.
• Conduct real-time analysis using cybersecurity tools and correlation of security log data from numerous heterogeneous security devices across different layers, including support of a cybersecurity incident as directed by an L3 analyst.
• Conduct static file analysis, live response/investigation on systems, account containment, per GSOC playbooks, SOPs, and direction from L3 analysts.
• Manage and/or provide recommendations/actions for containment and remediation efforts stemming from cyber events, being responsible for accurate and consistent documentation through all phases of the IR process.
• Support L3 analysts leading cybersecurity incident response efforts.
• Develop cybersecurity skills and experience by learning and enforcing Information Security & GSOC policies, playbooks and procedures, and content, industry best practices, and develop training for the GSOC in support of these.
• Provide analysis and advisement on various security enforcement technologies including, but not limited to:
  • SIEM/SOAR
  • EDR / Anti-virus
  • Cloud (AWS, Azure)
  • Web Proxy
  • IDS / IPS / NSM
  • Email Security
  • Vulnerability Scanners
• Growing familiarity with Cloud (AWS, Azure) environments
• Investigate, document, and report on information security issues and emerging trends.
• With direction for GSOC L3s and management, ustilize multiple tools and methods (SOAR, SIEM, etc.) to develop, enhance/tune, and maintain correlations, alerts/detections, and automate incident response workflows to increase alert fidelity, streamline SOC efficiency and ensure repeatable processes while maintaining current documentation.
• Assist in product and vendor assessments and evaluations, based upon cybersecurity standards and industry best practices.
• Provide data from the GSOC toolset, assisting L3 analysts with data collection, for analysis in support of incident assessment/triage, and toolset maintenance.
• Integrate and share information with other analysts and teams.
• Other tasks and responsibilities as assigned.

Required Skills

• Strong communication skills, both written and oral.
• Strong analytical and investigative mindset.
• Experience with SOC ticketing systems and SOC processes.
• Ability to accurately and efficiently monitor, detect, analyze, and triage security events.
• Understanding of analyzing network traffic. Network skills commensurate of CompTIA Network+
• Cybersecurity knowledge commensurate with CompTIA Security+.
• Understanding of detecting and responding to user credential and OS-level attacks (Windows minimum).
• Knowledge of cyber incident response processes, common containment and remediation strategies.
• Growing understanding of cloud environments (AWS, Azure).
• Familiar with attacker tactics, tools, and technique (MITRE ATT&CK and Lockheed-Martin kill chain frameworks).
• Understanding and experience analyzing security events generated from security tools and device
  • Required experience including but not limited to SIEM and EDR capabilities.
  • Preferred experience with: Splunk, Carbon Black, Sourcefire, Cofense, McAfee, and DarkTrace. Additional SOAR experience a plus.
• Thorough understanding of security incident response processes.
• Able to perform open source research on events of interest, vulnerabilities, and malicious indicators and further enhance security posture.
• Ability to support CSIRT investigations, towards goal of growing technical and business skills to lead investigations.
• Ability to work independently, prioritize, and multitask.

Above And Beyond

• Ability to perform threat hunting.
• Demonstrated experience of the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools.
• Administration of Windows & Linux platforms.
• Cloud certification (AWS Practitioner, Azure Fundamentals, CSA CCSK, Cloud+)
• Splunk certification
• Ability to create response documentation and playbooks.
• Ability to create and implement high fidelity IOCs and use cases.
• Ability to perform Windows forensic analysis and static/dynamic file analysis.
• Ability to perform network forensic analysis.
• Demonstrated experience and understanding of event timeline analysis and APT behavior, responding to APTs, or other advanced techniques and situations.

Desired Education/Experience

• Bachelor’s Degree in related field AND 1+ year(s) of related work experience OR 4 years of related work experience
• Security+, Network+, CASP, CySA+, GCIA, GMON, or similar Cyber Security/Incident Response Certifications or commensurate experience.

About Brink’s

Brink’s is the global leader in security and logistics services, trusted by banks, financial institutions and businesses in both public and private sectors. We deliver the currency of the world to businesses in our communities. We do it because we’re needed. We do it because we’re trusted and valued. We do it because it makes us proud. Brink’s Proud.

What’s Next?

Thank you for considering applying for a job at Brink’s U.S. To be considered for this position, you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature.

Upon completion of the application process, you will receive an email confirming that we have received your application. We will review all candidates and notify you of your status should we deem you fit for a job. Thank you again for your interest in a career at Brink’s U.S. For more information about future career opportunities, join our talent network, Like our Facebook page or Follow us on Twitter.

Brink’s is an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, marital status, protected veteran status, sexual orientation, gender identity, genetic information or history or any other characteristic protected by law. Brink’s is also committed to providing a drug free workplace.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.