Lead Forensic Analyst
United States - Remote
Applications have closed
Rackspace
As a cloud computing services pioneer, we deliver proven multicloud solutions across your apps, data, and security. Maximize the benefits of modern cloud.

Key Duties and Responsibilities:
· Lead the triage of security events; review and update incident response processes and policies
· Review and update processes and procedures for monitoring and analysis of log files
· Serve as the technical escalation expert and mentor for lower-level analysts
· Maintain a deep awareness of the current threat landscape; evaluate monitoring and analysis activities, ensuring inclusion of new and emerging threats and risks
· Create knowledge base articles for handling low and medium severity incidents
· Create and review queries to search for advanced threats
· Collaborate with intelligence analysts to correlate threat assessment data
· Lead and conduct research, analysis, and correlation across a wide variety of all-source data sets to hunt for malicious activity in customer environments
· Lead and participate in the Incident Response Team to investigate and remediate active threats while accurately documenting results using standard incident response techniques
· Collect and analyze intrusion artifacts and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise
· Lead and conduct analysis of log files, evidence, and other information to determine the best methods for identifying network intrusions
· Review and confirm details and data about intrusions and discover new information, if possible, after identifying an intrusion; respond and communicate to customers during the process
· Interact with the security community to provide and obtain technical cyber threat intelligence; track cyber threat actors/campaigns based on technical analysis and open source/third party intelligence
· Research and track new exploits and cyber threats; conduct cursory and/or in-depth computer forensic investigations (e.g., packet captures, endpoint behaviors), or collaborate with peers when appropriate to receive hand-offs/escalations
· Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering
· Write and publish after action reviews
· Provide deep expertise and a broad view of the organization to optimize linkages between structure, people, process, and technology
· Develop strategies to bring new technologies, applications, and process changes to life
· Recognized as an expert within the company; requires in-depth and/or breadth of expertise in own job discipline and broad knowledge of other job disciplines within the organization function
· Solve unique problems that have a broad impact on the business
· Contribute to the development of organizational sub-function strategy
· Progression to this level is typically restricted on the basis of business requirements

Required Knowledge:
· Expert knowledge of cybersecurity principles, threats, and vulnerabilities
· Expert knowledge of incident response methodologies
· Expert knowledge of cyber investigative techniques
· Deep understanding and continued learning of current cyber threat trends
· Expert knowledge of computer networking concepts and protocols, and network security methodologies
· Expert knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, NICs, data storage)
· Expert knowledge of defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness)
· Expert knowledge of virtualization and cloud-based infrastructure (AWS, Azure, GCP)
· Expert knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files
· Expert knowledge of networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name System), and how they interact to provide network communications
· Expert knowledge of cryptographic and tunneling protocols and algorithms (e.g., Internet Protocol Security [IPsec], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA])
· Expert knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injection, race conditions, covert channels, replay, return-oriented attacks, malicious code)
· Advanced knowledge of types of digital forensics data and how to recognize them
· Regarded as the technical expert in their job discipline within the organization
· Requires in-depth and/or breadth of expertise in own job discipline and broad knowledge of other job disciplines within the organization function
· Anticipates business and regulatory issues; recommends product, process or service improvements

Required Skills:
· Intermediate system administration, network, and operating system hardening techniques
· Expert skills in hacking methodologies and conducting forensic analyses in Windows or Unix/Linux environments
· Expert skills in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
· Expert skills in Security Information and Event Management (SIEM) tools: searching, aggregating, and correlating data
· Demonstrated effective oral and written communication skills
· Demonstrated effective problem solving and analytical skills
· Team player, willing to work with and mentor others in sharing information to help increase overall team knowledge and abilities

Experience:
· Minimum of 12 years of experience in cyber security
· 5+ years of experience analyzing host- and network-based logged events (e.g., firewall, IPS/IDS, Windows, web, proxy, and mail filtering)
· 5+ years of experience in a Security Operations Center
· Experience reviewing and updating incident response processes and protocols

Education/Certification:
· Bachelor's Degree in Computer Science, Management Information Systems, or a related technical field; an advanced degree in Cyber Security is highly preferred
· At the Manager's discretion, 4 years of additional related experience may substitute for the degree requirement; if substitution is allowed, a regional equivalent to a High School Diploma is required
· Sec+, GSEC, and Net+ certifications required
· Completion of SANS GIAC certifications (GCIA, GCIH, GCFA, etc.) or other network/system security certifications preferred

The following information is required by the Colorado Equal Pay Transparency Act and applies only to individuals working in the state of Colorado. The anticipated starting pay range for Colorado applicants for this role is $114,000 to $150,000. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location.
About Rackspace Technology
We are the multicloud solutions experts. We combine our expertise with the world's leading technologies, across applications, data and security, to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.

More on Rackspace Technology
Though we're all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.
Tags: AES Application security AWS Azure Cloud Computer Science Cyber defense Encryption Exploits Firewalls Forensics GCFA GCIA GCIH GCP GIAC GSEC IDS Incident response IPS Linux Log files Monitoring Network security Open Source Reverse engineering Risk management SANS Scripting SQL Strategy TCP/IP Threat intelligence UNIX Vulnerabilities Windows XSS
Perks/benefits: Career development Team events