Cyber Security Analyst I

Cybersecurity San Antonio, Texas


Rackspace is currently seeking a Cyber Security Analyst to join our team in San Antonio, Texas!

As a Cyber Security Analyst I, you would:

  • Manage operations in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. Ensure events are properly identified, analyzed, and escalated to incidents.
  • Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.
  • Serve as the technical escalation point and mentor for lower-level analysts.
  • Participate in the response, investigation, and resolution of security incidents.
  • Provide communication throughout an incident per the CSOC Standard Operating Procedures.
  • Communicate directly with end users and asset owners.
  • Maintain a strong awareness of the current threat landscape.
  • Create knowledge base articles for handling medium and high severity incidents.
  • Assist in the advancement of security policies, procedures, and automation.
  • Create custom network based signatures to improve defensive posture within NIDS and SIEM.
  • Utilize malware analysis techniques (advanced and static analysis) to identify and assess malicious software. Perform computer and network forensic analysis.
  • Develop incident response reporting and policy updates as needed.

Day to day responsibilities:

  • Monitors global NIDS, Firewall, and log correlation tools for potential threats.
  • Initiates escalation procedure to counteract potential threats/vulnerabilities.
  • Provides incident remediation and prevention documentation.
  • Documents and conforms to processes related to security monitoring.
  • Provides performance metrics as necessary.
  • Provides customer service that exceeds our customers’ expectations.

Background and experience:

  • Advanced knowledge and understanding of network protocols and devices.
  • Highly proficient in intrusion analysis and incident response.
  • Advanced experience with Mac OS, Windows, and Unix systems.
  • Demonstrable problem solving, analytical skills and attention to detail.
  • Strong verbal and written communication skills.
  • Ability to handle high-pressure situations in a productive and professional manner.
  • Document and conform to processes related to security monitoring.
  • Provide incident investigation, handling, and response to include incident documentation.
  • Conduct computer evidence seizure, computer forensic analysis, and data recovery.
  • Strong time management, skills with the ability to multitask.
  • Packet and log analysis.
  • Ability to work a flexible work schedule, including weekends.
  • Provide training and mentorship to lower-level security analysts.
  • Provide tuning recommendations for security tools to tool administrators.
  • Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.
  • General knowledge and experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.

Advanced knowledge of the following:

  • SIEM
  • Packet Analysis
  • SSL Decryption
  • Malware Detection
  • Network Monitoring Tools
  • Case Management System
  • Knowledge Base
  • Web Security Gateway
  • Email Security
  • Data Loss Prevention
  • Anti-Virus
  • Network Access Control
  • Encryption
  • Vulnerability Identification

Required experience and education:

  • Bachelor’s degree in Computer Science or equivalent combination of education and experience required.
  • Up to 3 years of experience in a security operations center (SOC) environment required.
  • GCIA, GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.
  • Experience with SIEM (i.e. Arcsight, QRadar) Sourcefire, FireEye, Snort or an equivalent tool required.
  • 3+ years of experience with reviewing raw log files, data correlation, and analysis (ie. System logs, netflow, firewall, IDS) required.
  • Experience creating Snort signatures preferred

This opportunity is to join our after-hours team on Third Shift.
Third shift starts at 10pm. Each Racker on the shift is required to work at least one weekend day.