Listing Description
Summary:
Perform real-time monitoring and analysis of security events from multiple sources. Identify source or cause and provide recommendations for secure infrastructure through policy, practices, risk management, engineering, and improved operations. Responsible for adhering to company security policies and procedures and any other relevant policies and standards as directed.
Career Level Summary:
· Requires in-depth conceptual and practical knowledge in own job discipline and basic knowledge of related job disciplines
· Solves complex problems
· Works independently, receives minimal guidance
· May lead projects or project steps within a broader project or may have accountability for on-going activities or objectives
· Acts as a resource for colleagues with less experience
· Level at which career may stabilize for many years or until retirement
Critical Competencies:
· Systems Thinking: Takes a whole systems approach to analyze issues and implements holistic solutions by ensuring that linkages between structure, people, process, and technology are made
· Idea Creation: Identifies new technologies, applications, and process changes to continually improve efficiency or technology performance
Key Responsibilities:
· Other Incidental tasks related to the job, as necessary.
· Monitor and analyze log files from a variety of sources, including but not limited to NIDS, HIDS, firewall logs, and system logs (Windows and Unix) to identify possible threats to network security
· Triage security events: assess the priority and determine risk
· Receive escalations of events from lower-level analysts
· Use the Cyber Kill Chain, current intelligence information, and investigative techniques to proactively review customers environments searching for anomalous behavior
· Identify, modify, and manipulate applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files)
· Reconstruct cyber events, assess cyber threat and scope of impact, identify, and track any internal lateral or external movement, and develop response solutions
· Interact with security community to obtain technical cyber threat intelligence; track cyber threat actors/campaigns based on technical analysis and open source/third party intelligence
· Research and track new exploits and cyber threats; conduct cursory and/or in-depth computer forensic investigations (i.e., packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate for hand-offs/escalations
· Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
· Communicate and report on key intelligence, analysis and response activities, relevant metrics, and KPIs
· Work as a part of an Incident Response Team to investigate and remediate active threats while accurately documenting results using standard incident response techniques and the incident response process
Knowledge:
· Proficient knowledge of Cybersecurity principles, threats, and vulnerabilities
· Proficient knowledge of incident response methodologies
· Proficient knowledge of cyber investigative techniques
· Deep understanding and continued learning of current cyber threat trends
· Proficient knowledge of computer networking concepts and protocols, and network security methodologies
· Proficient knowledge of Proficient physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, NICs, Data storage)
· Proficient knowledge of defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
· Proficient knowledge of virtualization and cloud-based Infrastructure (AWS, Azure, GCP)
· Proficient knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files
· Proficient knowledge of networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications
· Proficient knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA])
· Proficient knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
· Requires in-depth conceptual and practical knowledge in own job discipline and basic knowledge of related job disciplines
· Has knowledge of best practices and how own area integrates with others; is aware of the competition and the factors that differentiate them in the market
Skills
· Intermediate system administration, network, and operating system hardening techniques
· Proficient skills in hacking methodologies in Windows or Unix/Linux environment
· Proficient skills in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
· Proficient skills in Security Information and Event Management tools - Searching, aggregating, and correlating data
· Demonstrated effective oral and written communication skills
· Demonstrated effective problem solving & analytical skills
· Team player, willing to work with others in sharing information to help increase overall team knowledge
Education:
Required
· Bachelor's Degree in Computer Science, Management Information Systems, or a related technical field
· At the Manager's discretion, 4 years of additional related experience may substitute for the degree requirement; if substitution allowed, regional equivalent to High School Diploma is required.
Preferred
· Degree focus on Cyber Security
Certifications
· Sec+, GSEC, and Net+ certifications required
· Prefer completion of, or work toward, SANS GIAC/GCIA/GCIH/GCFA, etc. or other network/system security certifications
Experience
· 5 - 7 years of experience in cyber security
· Experience analyzing host and network-based logged events (i.e. firewall, IPS/IDS, Windows, Web, proxy, and mail filtering)
· Experience in a Security Operations Center
Physical Demands
General office environment: no special physical demands required. May require long periods of sitting and viewing a computer monitor. Schedule flexibility to include working weekends and/or evenings and holidays as required by the business for 24/7 operations. Must be able to lift 50 lbs over-head.
Travel
No travel required
Disclaimer
The above information has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or to be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the employee assigned to this job.
The following information is required by the Colorado Equal Pay Transparency Act and applies only to individuals working in the state of Colorado. The anticipated starting pay range of Colorado applicants for this role is $81,600 – 105,800. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location. Information on benefits offered is here.
#LI-RD1, #LI-Remote
About Rackspace Technology
We are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.
More on Rackspace Technology
Though we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided