Rackspace Security Analyst in San Antonio, Texas

Overview & Responsibilities

Rackspace is currently seeking a Cyber Security Analyst to:

  • Manage operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. Ensure events are properly identified, analyzed, and escalated to incidents.

  • Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.

  • Serve as the technical escalation point and mentor for lower-level analysts.

  • Participate in the response, investigation, and resolution of security incidents.

  • Provide communication throughout an incident per the CSOC Standard Operating Procedures.

  • Communicate directly with end users and asset owners.

  • Maintain a strong awareness of the current threat landscape.

  • Create knowledge base articles for handling medium and high severity incidents.

  • Assist in the advancement of security policies, procedures, and automation.

  • Create custom network based signatures to improve defensive posture within NIDS and SIEM.

  • Utilize malware analysis techniques (advanced and static analysis) to identify and assess malicious software. Perform computer and network forensic analysis.

  • Develop incident response reporting and policy updates as needed.

Day to day responsibilities:

  • Monitors global NIDS, Firewall, and log correlation tools for potential threats.

  • Initiates escalation procedure to counteract potential threats/vulnerabilities.

  • Provides incident remediation and prevention documentation.

  • Documents and conforms to processes related to security monitoring.

  • Provides performance metrics as necessary.

  • Provides customer service that exceeds our customers’ expectations.

Qualifications

Background and experience:

  • Advanced knowledge and understanding of network protocols and devices.

  • Highly proficient in intrusion analysis and incident response.

  • Advanced experience with Mac OS, Windows, and Unix systems.

  • Demonstrable problem solving, analytical skills and attention to detail.

  • Strong verbal and written communication skills.

  • Ability to handle high-pressure situations in a productive and professional manner.

  • Document and conform to processes related to security monitoring.

  • Provide incident investigation, handling, and response to include incident documentation.

  • Conduct computer evidence seizure, computer forensic analysis, and data recovery.

  • Strong time management, skills with the ability to multitask.

  • Packet and log analysis.

  • Ability to work a flexible work schedule, including weekends.

  • Provide training and mentorship to lower-level security analysts.

  • Provide tuning recommendations for security tools to tool administrators.

  • Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.

  • General knowledge and experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.

Advanced knowledge of the following:

  • SIEM

  • Packet Analysis

  • SSL Decryption

  • Malware Detection

  • HIDS/NIDS

  • Network Monitoring Tools

  • Case Management System

  • Knowledge Base

  • Web Security Gateway

  • Email Security

  • Data Loss Prevention

  • Anti-Virus

  • Network Access Control

  • Encryption

  • Vulnerability Identification

Required experience and education:

  • Bachelor’s degree in Computer Science or equivalent combination of education and experience required.

  • 3+ years of experience in a security operations center (SOC) environment required.

  • GCIA, GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.

  • Experience with SIEM (i.e. Arcsight, QRadar) Sourcefire, FireEye, Snort or an equivalent tool required.

  • 3+ years of experience with reviewing raw log files, data correlation, and analysis (ie. System logs, netflow, firewall, IDS) required.

  • Experience creating Snort signatures preffered

Req # 40594

Category Cyber Security

About Rackspace

Rackspace is modernizing IT in today’s multi-cloud world. We have been honored by Fortune, Forbes, Glassdoor and others as one of the best places to work. We serve over 50% of the Fortune 100 companies & customers in 120 countries around the globe. Our achievements are powered by our people – we call them Rackers. We grow & thrive through world-class development opportunities, learning & selling bleeding-edge technologies & solutions, and most importantly, connecting with each other (the best & brightest in the industry). Are you a Racker? Join us!

More on Rackspace

Rackers aren’t all alike. We look different. We think uniquely. We are from many places and our beliefs & backgrounds vary. But, being a Racker — a valued member of a winning team on an inspiring mission – is what connects us all. Rackers are encouraged to bring their whole self to work every day, as we know that unique perspectives fuel innovation and enable us to best serve our customers & communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.