Lead Security Analyst at Rackspace, the
Do you like to hunt for cyber attacks in the Kill Chain? Come join Rackspace Managed Security. We are looking for a Team Lead Cyber Security Analyst.
Day to day responsibilities:
- Manage operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. Ensure events are properly identified, analyzed, and escalated to incidents.
- Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.
- Serve as the technical escalation point and mentor for lower-level analysts.
- Participate in the response, investigation, and resolution of security incidents.
- Provide communication throughout an incident per the ISOC Standard Operating Procedures.
- Communicate directly with end users and asset owners.
- Maintain a strong awareness of the current threat landscape.
- Create knowledge base articles for handling medium and high severity incidents.
- Assist in the advancement of security policies, procedures, and automation.
- Create custom network based signatures to improve defensive posture within NIDS and SIEM.
- Utilize malware analysis techniques (advanced and static analysis) to identify and assess malicious software. Perform computer and network forensic analysis.
- Develop incident response reporting and policy updates as needed.
- Monitor global NIDS, Firewall, and log correlation tools for potential threats.
- Initiate escalation procedures to counteract potential threats/vulnerabilities.
- Provide incident remediation and prevention documentation.
- Document and conform to processes related to security monitoring.
- Provide performance metrics as necessary.
- Provide customer service that exceeds our customers’ expectations.
Desired Skills and Experience
- Advanced knowledge and understanding of network protocols and devices.
- Highly proficient in intrusion analysis and incident response.
- Advanced experience with Mac OS, Windows, and Unix systems.
- Demonstrable problem solving, analytical skills and attention to detail.
- Strong verbal and written communication skills.
- Ability to handle high-pressure situations in a productive and professional manner.
- Document and conform to processes related to security monitoring.
- Provide incident investigation, handling, and response to include incident documentation.
- Conduct computer evidence seizure, computer forensic analysis, and data recovery.
- Strong time management skills with the ability to multitask.
- Packet and log analysis.
- Ability to work a flexible work schedule, including weekends.
- Provide training and mentorship to lower-level security analysts.
- Provide tuning recommendations for security tools to tool administrators.
- Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.
- General knowledge, experience, and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.
- SIEM
- Packet Analysis
- SSL Decryption
- Malware Detection
- HIDS/NIDS
- Network Monitoring Tools
- Case Management System
- Knowledge Base
- Web Security Gateway
- Email Security
- Data Loss Prevention
- Anti-Virus
- Network Access Control
- Encryption
- Vulnerability Identification
- Bachelor’s degree in Computer Science or equivalent combination of education and experience required.
- 5+ years of experience in a security operations center (SOC) environment required.
- GCIA, GCIH required. GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.
- Experience with SIEM (e.g., ArcSight, QRadar), Sourcefire, FireEye, Snort, or an equivalent tool required.
- 5+ years of experience with reviewing raw log files, data correlation, and analysis (e.g., system logs, NetFlow, firewall, IDS) required.
- Experience creating Snort signatures required.