Rackspace Security Analyst II - US in San Antonio, Texas

Overview & Responsibilities

Rackspace is currently seeking a Cyber Security Analyst to:

  • Manage operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. Ensure events are properly identified, analyzed, and escalated to incidents.

  • Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.

  • Serve as the technical escalation point and mentor for lower-level analysts.

  • Participate in the response, investigation, and resolution of security incidents.

  • Provide communication throughout an incident per the CSOC Standard Operating Procedures.

  • Communicate directly with end users and asset owners.

  • Maintain a strong awareness of the current threat landscape.

  • Create knowledge base articles for handling medium and high severity incidents.

  • Assist in the advancement of security policies, procedures, and automation.

  • Create custom network based signatures to improve defensive posture within NIDS and SIEM.

  • Utilize malware analysis techniques (advanced and static analysis) to identify and assess malicious software. Perform computer and network forensic analysis.

  • Develop incident response reporting and policy updates as needed.

Day to day responsibilities:

  • Monitors global NIDS, Firewall, and log correlation tools for potential threats.

  • Initiates escalation procedure to counteract potential threats/vulnerabilities.

  • Provides incident remediation and prevention documentation.

  • Documents and conforms to processes related to security monitoring.

  • Provides performance metrics as necessary.

  • Provides customer service that exceeds our customers’ expectations.

Qualifications

Background and experience:

  • Advanced knowledge and understanding of network protocols and devices.

  • Highly proficient in intrusion analysis and incident response.

  • Advanced experience with Mac OS, Windows, and Unix systems.

  • Demonstrable problem solving, analytical skills and attention to detail.

  • Strong verbal and written communication skills.

  • Ability to handle high-pressure situations in a productive and professional manner.

  • Document and conform to processes related to security monitoring.

  • Provide incident investigation, handling, and response to include incident documentation.

  • Conduct computer evidence seizure, computer forensic analysis, and data recovery.

  • Strong time management skills with the ability to multitask.

  • Packet and log analysis.

  • Ability to work a flexible work schedule, including weekends.

  • Provide training and mentorship to lower-level security analysts.

  • Provide tuning recommendations for security tools to tool administrators.

  • Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.

  • General knowledge of and experience with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.

Advanced knowledge of the following:

  • SIEM

  • Packet Analysis

  • SSL Decryption

  • Malware Detection

  • HIDS/NIDS

  • Network Monitoring Tools

  • Case Management System

  • Knowledge Base

  • Web Security Gateway

  • Email Security

  • Data Loss Prevention

  • Anti-Virus

  • Network Access Control

  • Encryption

  • Vulnerability Identification

Required experience and education:

  • Bachelor’s degree in Computer Science or equivalent combination of education and experience required.

  • 3+ years of experience in a security operations center (SOC) environment required.

  • GCIA, GCIH, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.

  • Experience with a SIEM (e.g. ArcSight, QRadar), Sourcefire, FireEye, Snort, or an equivalent tool required.

  • 3+ years of experience reviewing raw log files, data correlation, and analysis (e.g. system logs, NetFlow, firewall, IDS) required.

  • Experience creating Snort signatures preferred.

Req # 39075

Category Cyber Security