Security Analyst II

Cyber Security San Antonio, Texas


We are seeking a Cyber Security Analyst to join the Rackspace Security Operations Team in San Antonio, Texas!


  • Supervise monitoring of security events and alerts received from security tools.
  • Manage end user reported incidents. Responsible for the first line of security incident response within Rackspace Cyber Security Operations.
  • Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.
  • Serve as the technical escalation point and mentor for lower-level analysts.
  • Provide communication and escalation throughout an incident per Standard Operating Procedures.
  • Report potential and actual security violations and provide recommendations.
  • Communicate directly with end users and asset owners.
  • Perform in-depth analysis of log files, systems, and network traffic.
  • Maintain a strong awareness of the current threat landscape.
  • Create knowledge base articles for handling low severity incidents.


  • Strong knowledge and understanding of network protocols and devices.
  • Experience in intrusion analysis and incident response.
  • Strong experience with Mac OS, Windows, and Unix systems.
  • Demonstrable problem solving, analytical skills and attention to detail.
  • Strong verbal and written communication skills.
  • Packet and log analysis.
  • Ability to handle high pressure situations in a productive and professional manner.
  • Document and conform to processes related to security monitoring.
  • Provide incident investigation, handling, and response to include incident documentation.
  • Strong time management skills with the ability to multitask.
  • Ability to work a flexible work schedule, including weekends.
  • Provide training and mentorship to lower-level security analysts.
  • Provide tuning recommendations for security tools to tool administrators.
  • Strong knowledge of the following:
    • SIEM
    • Packet Analysis
    • SSL Decryption
    • Malware Detection
    • Network Monitoring Tools
    • Case Management System
    • Knowledge Base
    • Web Security Gateway
    • Email Security
    • Data Loss Prevention
    • Anti-Virus
    • Network Access Control
    • Encryption
    • Vulnerability Identification


  • Monitors global NIDS, Firewall, and log correlation tools for potential threats.
  • Initiates escalation procedure to counteract potential threats/vulnerabilities.
  • Provides incident remediation and prevention documentation.
  • Documents and conforms to processes related to security monitoring.
  • Provides performance metrics as necessary.
  • Provides customer service that exceeds our customers’ expectations.

SUPERVISION: General instruction on routine tasks, detailed instruction on new assignments.


  • Bachelor’s degree in Computer Science or equivalent combination of education and experience required. 
  • GCIA required. GCIH, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred.
  • 2-4 years of experience in a security operations center (SOC) environment required.
  • Experience with SIEM (e.g., ArcSight, QRadar), Sourcefire, FireEye, Snort, or an equivalent tool required.
  • Basic system administration skills.
  • Experience with reviewing raw log files, data correlation, and analysis (e.g., system logs, NetFlow, firewall, IDS) required.
  • Experience in creating Snort signatures required.

**This position will be scheduled from 4pm to 2am, Wednesday through Saturday**

General office environment. May require long periods sitting and viewing a computer monitor. Moderate levels of stress may occur at times. No special physical demands required. Occasional domestic travel, less than 10%.