• Senior Security Analyst

    Location(s): US-TX-San Antonio
    Req #: 38654
    Category: Cyber Security
  • Overview & Responsibilities

    Rackspace is currently seeking a Cyber Security Analyst to:


    • Manage operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. Ensure events are properly identified, analyzed, and escalated to incidents.
    • Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.
    • Serve as the technical escalation point and mentor for lower-level analysts.
    • Participate in the response, investigation, and resolution of security incidents.
    • Provide communication throughout an incident per the CSOC Standard Operating Procedures.
    • Communicate directly with end users and asset owners.
    • Maintain a strong awareness of the current threat landscape.
    • Create knowledge base articles for handling medium and high severity incidents.
    • Assist in the advancement of security policies, procedures, and automation.
    • Create custom network based signatures to improve defensive posture within NIDS and SIEM.
    • Utilize malware analysis techniques (advanced and static analysis) to identify and assess malicious software. Perform computer and network forensic analysis.
    • Develop incident response reporting and policy updates as needed.

    Day-to-day responsibilities:

    • Monitors global NIDS, Firewall, and log correlation tools for potential threats.
    • Initiates escalation procedure to counteract potential threats/vulnerabilities.
    • Provides incident remediation and prevention documentation.
    • Documents and conforms to processes related to security monitoring.
    • Provides performance metrics as necessary.
    • Provides customer service that exceeds our customers’ expectations.

    Qualifications

    Background and experience:

    • Advanced knowledge and understanding of network protocols and devices.
    • Highly proficient in intrusion analysis and incident response.
    • Advanced experience with Mac OS, Windows, and Unix systems.
    • Demonstrable problem-solving and analytical skills, and attention to detail.
    • Strong verbal and written communication skills.
    • Ability to handle high-pressure situations in a productive and professional manner.
    • Document and conform to processes related to security monitoring.
    • Provide incident investigation, handling, and response to include incident documentation.
    • Conduct computer evidence seizure, computer forensic analysis, and data recovery.
    • Strong time management skills with the ability to multitask.
    • Packet and log analysis.
    • Ability to work a flexible work schedule, including weekends.
    • Provide training and mentorship to lower-level security analysts.
    • Provide tuning recommendations for security tools to tool administrators.
    • Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.
    • General knowledge, experience, and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.

    Advanced knowledge of the following:

    • SIEM
    • Packet Analysis
    • SSL Decryption
    • Malware Detection
    • HIDS/NIDS
    • Network Monitoring Tools
    • Case Management System
    • Knowledge Base
    • Web Security Gateway
    • Email Security
    • Data Loss Prevention
    • Anti-Virus
    • Network Access Control
    • Encryption
    • Vulnerability Identification

    Required experience and education:

    • Bachelor’s degree in Computer Science or equivalent combination of education and experience required.
    • 3+ years of experience in a security operations center (SOC) environment required.
    • GCIA, GCIH, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.
    • Experience with a SIEM (e.g. ArcSight, QRadar), Sourcefire, FireEye, Snort, or an equivalent tool required.
    • 3+ years of experience reviewing raw log files, and with data correlation and analysis (e.g. system logs, NetFlow, firewall, IDS) required.
    • Experience creating Snort signatures preferred.