Cyber security Incident Detection Analyst Senior


Date: Jan 11, 2019

Location: San Antonio, TX, US, 78251

Company: Capital Group

Req ID: 29143
Experience Level: Professional
Other Location(s): N/A

Come grow with us

At Capital Group, how we work is defined by shared values that include absolute integrity, respect and collaboration. But it’s more than that. It’s smart and highly driven people united in purpose to serve our investors and one another.

Bring your energy and unique perspective to Capital and you’ll have the opportunity to grow with us professionally, personally, and financially. You’ll be part of a team that genuinely cares about helping you succeed. You’ll work alongside talented colleagues, many of whom build long careers while progressing through multiple roles, establishing lifelong friendships and making a difference in our communities. In return for your contributions, you’ll receive premier compensation and benefits, and a company-funded retirement plan that ranks among the most generous.


Capital Group is looking for a Senior Cybersecurity Incident Detection Analyst to join our company and our team of awesome Cybersecurity Detection and Response Analysts. Our Security Intelligence Response Team (SIRT), which is primarily based in San Antonio, TX, works to systematically detect and respond to cyber-related security threats by using actionable intelligence from our internal and external environments in order to protect Capital Group’s sensitive information and critical infrastructure. Capital Group’s businesses include American Funds, one of the largest investment companies in the U.S. with over $1.7tn in assets under management. We are a globally diverse institutional investment company with an IT Security hub in San Antonio, TX, managing large pools of capital such as pensions and endowments.
The Senior Cybersecurity Incident Detection Analyst will: 
  • Demonstrate a clear drive to learn, develop and apply new technologies, tools, and skills
  • Mentor team members in the same
  • Expand current skills and knowledge while working within a fast moving, highly skilled and diversely talented team 
  • Act as a subject matter expert and be central in our priority of detecting cybersecurity incidents
  • Periodically participate in and offer input for projects and efforts related to SIRT capabilities
  • In collaboration with leadership, act as a cybersecurity technical thought leader 
The successful candidate will join a highly advanced incident detection team that is experienced in detecting network anomalies using SIEM and other world-class technologies. They will create and maintain real-time detection methods and models, focused on the detection of security, operational network and application system events and incidents. Once an incident is detected, the successful candidate may also support the ongoing security incident investigation and remediation.
  • Detect anomalous network activity: lead and participate in the detection of security incidents while working collaboratively with other members of the team, ensuring that incidents are properly identified, analyzed, recorded and escalated to incident responders as appropriate and in accordance with the Capital Group Cyber Incident Response plan.
  • Conduct threat hunting activities and investigations according to Capital Group’s processes in order to categorize and classify network intrusions, security incidents and false alarms, and provide feedback into the process to help evolve overall incident detection and handling.
  • Provide and implement tuning recommendations for all security tools and alerting mechanisms so that the incident response team receives authentic and actionable items to react to; this will also be a key part of the job requirements.
  • Must be able to utilize and champion various cybersecurity detection frameworks, methods and tools to develop and improve process requirements in support of strategic direction.
  • Expected to maintain and further awareness and knowledge of Advanced Persistent Threats (APT) and the activities of various threat actors, including insider threats, and to detect indicators of compromise for the same.
  • Perform forensic investigations, including using digital forensics practices and tools, and document the findings of the investigation to support the necessary mitigation efforts and risk analysis outcome.
  • Develop, maintain and continually improve process playbooks and guidance that will be used by the SIRT in our daily detection operations.
  • Communicate, both in writing and verbally, with the team, Senior Risk Management and various IT and business leadership on security incidents, operational metrics and situational awareness of events in daily and monthly meetings.
  • Have and maintain a deep technical and analytical ability in the area of cybersecurity threats.
  • Must have advanced experience in the use of Splunk SPL, including the creation of complex searches and models, lookup tables and operational dashboards.
  • Hadoop, Hunk and Elasticsearch knowledge a plus.
  • Have experience with Windows and Linux operating systems. macOS experience preferred but not required.
  • Have an understanding of system and network administration, with a working knowledge of how systems should and are expected to operate.
  • Experience preferred in the following: firewall, proxy, IPS, IDS, AV, endpoint security, PCAP analysis, malware analysis, penetration testing, purple teaming, security architecture, network and Internet security, IT auditing of systems and/or processes, a proven ability to differentiate between intrusions and false positives, Python and PowerShell. Highly motivated and maintains composure under pressure.
  • Have familiarity with Tableau, Confluence and JIRA.
Experience, Certifications, and Education:
  • Minimum of 5+ years of experience in one or more of the following areas: cybersecurity, risk management, security incident response/management, forensics.
  • Preferred certifications include: ISC2 Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM); OSCP; SANS Institute Global Information Assurance Certification (GIAC), preferably one or more of GCFE, GCIA, GCFA or GNFA; CompTIA CySA+; Certified Ethical Hacker (CEH).
  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, Information Systems or a comparable educational domain (Enterprise Risk Management, IT Audit, etc.).


Company Overview:
Founded in 1931, Capital Group is one of the world’s largest and most trusted investment management companies and home to the American Funds. We manage more than US$1.7 trillion in assets, and our 7,500 associates make our clients their first priority every day. When we do our job right, millions of investors around the world fulfill their dreams and financial goals, from home ownership and higher education, to a comfortable retirement. Our long-term investment results and outstanding service set us apart from our competitors, while our workplace sets us apart from other employers. 
We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law. 
