Security Analyst - SOC
Rackspace are always strengthening – day to day and team to team, we are improving.
Our Enterprise Security Team are no different and we are looking to grow the team with a SOC Analyst/Cyber Security Analyst. This position will see you join a global team and be involved in making sure Rackspace stays protected.
The current team have a genuine passion for their jobs and sense of achievement is felt on a daily basis with global teams collaborating and sharing ideas and best practices.
Above anything else, we are looking for people who are passionate about Security and are happy to learn new things with an open mind.
For this position, your responsibilities will include;
- Supervise monitoring of security events and alerts received from SOC security tools.
- Manage end user reported incidents.
- Responsible for the first line of security incident response within the Rackspace SOC.
- Hunt for suspicious activity based on anomalous activity.
- Serve as the technical escalation point and mentor for lower-level analysts.
- Report potential and actual security violations and provide recommendations.
- Communicate directly with end users and asset owners.
- Perform in-depth analysis of log files, systems, and network traffic.
- Maintain a strong awareness of the current threat landscape.
- Create knowledge base articles for handling low severity incidents.
Some of the other things you will be involved with are;
- Strong knowledge and understanding of network protocols and devices.
- Experience in intrusion analysis and incident response.
- Strong experience with Mac OS, Windows, and Unix systems.
- Demonstrable problem solving, analytical skills and attention to detail.
- Packet and log analysis.
- Ability to handle high pressure situations in a productive and professional manner.
- Provide incident investigation, handling, and responses to include incident documentation.
- Provide tuning recommendations for security tools to tool administrators.
In order to be successful in this position, you should possess the following;
- CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
- Demonstratable background in a security operations centre (SOC) ideal.
- Experience with SIEM (i.e. Arcsight, Splunk, QRadar) Sourcefire, FireEye, FirePower, Snort or an equivalent tool.
- Strong OS and/or network system administration skills. Experience with reviewing raw log files, data correlation, and analysis (ie. System logs, netflow, firewall, IDS, IPS).
- Data Loss Prevention/DLP
- Anti-Virus, Network Access Control, Encryption, Vulnerability Identification