Lead Forensic Analyst

Rackers:  Valued members of a winning teamOur employees, affectionately called “Rackers,” are our true strength and differentiator. As valued members of a winning team on an inspiring mission, Rackers make a real difference for our customers. It’s why we’re frequently recognized as an employer of choice by global industry-leading programs, including Great Place to Work, Forbes and Fortune.  They embody our Core Values, demonstrating that Fanatical Experience is:·       Excellence. We are an accountable, disciplined, high-performing company with proven results.·       Customer-driven. We are proactive, collaborative and committed to success for our customers.·       Expertise. Rackers are passionate learners who are embedded in our customers’ businesses to provide unbiased solutions.·       Agility. We adopt new technologies and evolve services to meet customers where they are in their journey.·       Compassion. We’re one team doing the right thing for our customers, communities and each other. Position Overview: We are hiring for a Lead Forensic Analyst.  In this role you’ll perform real-time monitoring and analysis of security events from multiple sources. Identify source or cause and provide recommendations for secure infrastructure through policy, practices, risk management, engineering, and improved operations. Responsible for adhering to company security policies and procedures and any other relevant policies and standards as directed. Work Location:  100% remote from within the continental United States
Key Duties and Responsibilities:·       Lead the triage of security events; review and update incident response processes and policies·       Review and update processes and procedures for monitoring and analysis of log files·       Serve as the technical escalation expert and mentor for lower-level analysts·       Maintain a deep awareness of the current threat landscape; evaluate monitoring and analysis activities, ensuring inclusion of new and emerging threats and risks·       Create knowledge base articles for handling low and medium severity incidents·       Create and review queries to search for advanced threats·       Collaborate with intelligence analysts to correlate threat assessment data·       Lead and conduct research, analysis, and correlation across a wide variety of all source data sets to hunt for malicious activity in customer environments.·       Lead and participate in the Incident Response Team to investigate and remediate active threats while accurately documenting results using standard incident response technique·       Collect and analyze intrusion artifacts and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise·       Lead and conduct analysis of log files, evidence, and other information to determine best methods for identifying network intrusion·       Review and confirm details and data about intrusions and discover new information, if possible, after identifying intrusion; respond and communicate to customers during process·       Interact with security community to provide and obtain technical cyber threat intelligence; track cyber threat actors/campaigns based on technical analysis and open source/third party intelligence·       Research and track new exploits and cyber threats; conduct cursory and/or in-depth computer forensic investigations (i.e. packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate to receive hand-offs/escalations·       Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering·       Write and publish after action reviews·       Provides deep expertise and a broad view of the organization to optimize linkages between structure, people, process, and technology·       Develops strategies to bring new technologies, applications, and process changes to life·       Recognized as an expert within the company and requires in-depth and/or breadth of expertise in own job discipline and broad knowledge of other job disciplines within the organization function·       Solves unique problems that have a broad impact on the business·       Contributes to the development of organizational sub-function strategy·       Progression to this level is typically restricted on the basis of business requirements  Required Knowledge:·       Expert knowledge of Cybersecurity principles, threats, and vulnerabilities·       Expert knowledge of incident response methodologies·       Expert knowledge of cyber investigative techniques·       Deep understanding and continued learning of current cyber threat trends·       Expert knowledge of computer networking concepts and protocols, and network security methodologies·       Expert knowledge of Expert physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, NICs, Data storage)·       Expert knowledge of defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).·       Expert knowledge of virtualization and cloud-based Infrastructure (AWS, Azure, GCP)·       Expert knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files·       Expert knowledge of networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications·       Expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Expert Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA])·       Expert knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)·       Advanced knowledge of types of digital forensics data and how to recognize them·       Regarded as the technical expert in their job discipline within the organization·       Requires in-depth and/or breadth of expertise in own job discipline and broad knowledge of other job disciplines within the organization function·       Anticipates business and regulatory issues; recommends product, process or service improvements  Required Skills: ·       Intermediate system administration, network, and operating system hardening techniques·       Expert skills in hacking methodologies and conducting forensic analyses in Windows or Unix/Linux environment·       Expert skills in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)·       Expert skills in Security Information and Event Management tools - Searching, aggregating, and correlating data·       Demonstrated effective oral and written communication skills·       Demonstrated effective problem solving & analytical skills·       Team player, willing to work with and mentor others in sharing information to help increase overall team knowledge and abilities  Experience:  ·       Minimum of 12 years of experience in cyber security·       5+ years of experience analyzing host and network-based logged events (i.e. firewall, IPS/IDS, Windows, Web, proxy, and mail filtering)·       5+ years of experience in a Security Operations Center·       Experience reviewing and updated incidence response processes and protocols Education/Certification:·       Bachelor's Degree in Computer Science, Management Information Systems, or a related technical field.  Highly prefer an Advanced Degree in Cyber Security·       At the Manager's discretion, 4 years of additional related experience may substitute for the degree requirement; if substitution allowed, regional equivalent to High School Diploma is required.·       Sec+, GSEC, and Net+ certifications required·       Prefer completion of SANS GIAC/GCIA/GCIH/GCFA, etc. or other network/system security certificationsThe following information is required by the Colorado Equal Pay Transparency Act and applies only to individuals working in the state of Colorado. The anticipated starting pay range of Colorado applicants for this role is $114,000- $150,000.  Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location. Information on benefits offered is here.

About Rackspace TechnologyWe are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.  More on Rackspace TechnologyThough we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.