SecOps Engineer L3 (Security Automation Devop)

Role Name - SecOps Engineer L3 (Security Automation Devop)Location - IND-Gurgaon, DLF CybercityEligible for Remote Work - NoWork Pattern- 24/7 About Rackspace Cyber DefenceRackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, risk-based, threat-informed and intelligence driven security services. Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads.Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive, threat-informed, risk-based, intelligence-driven approach to detecting and responding to threats.Our mission is to help our customers:·        Proactively detect and respond to cyber-attacks – 24x7x365.·        Defend against new and emerging risks that impact their business.·        Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments.·        Reduce their exposure to risks that impact their identity and brand.·        Develop operational resilience.·        Maintain compliance with legal, regulatory and compliance obligations.What we’re looking forTo support our continued success and deliver a Fanatical Experience™ to our customers, Rackspace Cyber Defence is looking for an Indian based SecOps Engineer (Security Automation) to support Rackspace’s strategic customers. This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, development and continuous improvement of security automation tools and platforms.As a SecOps Engineer (Security Automation), you will apply a DevOps-centric approach to designing, developing and continuously improving security automation scripts, tools and platforms that accelerate the detection, containment, eradication and recovery from cyber-attacks experienced by Rackspace Customers.You will work in collaboration with key stakeholders across Rackspace Cyber Defence Center, Rackspace Public Cloud, Rackspace Private Cloud, and Rackspace Customers to identify opportunities to accelerate service delivery through the practical application of automation.Key Accountabilities·        Ensure the Customer’s operational and production environment remains healthy and secure at all the times.Design, develop, maintain, and continuously improve security automation scripts, tools and platforms that accelerate service delivery to Rackspace Customers.Design, develop, maintain and continuously improve security automation scripts, tools and platforms that accelerate the detection, containment, eradication and/or recovery from cyber-attacks.Design, develop, maintain and continuously improve the automation of manual processes through code, low-code and zero-code tooling.Apply a DevOps-centric approach to managing, prioritizing, and delivering against using appropriate tools such as JIRA, Azure Boards or GitHub Projects. Develop and maintain documentation, knowledgebase articles and GitHub repositories relating to security automation.Troubleshoot and resolve issues related to playbooks and automations.Proactively identify opportunities and provides recommendations to automate processes and workflows.Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.Skills & Experience·        Should have 7-13 years of experience designing, developing, maintaining and continuously improving automation tools (ideally, within a security or security operations environment.)·        Experience with scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell.·        Experience with DevOps practices and tools such as Backlogs, Repo’s, Pipelines, Artifacts, CI/CD, JIRA, Azure DevOps, CircleCI, GitHub Actions, Ansible and/or Jenkins.·        Experience with two (or more) of the following SOAR (Security Orchestration & Automated Response) Platforms:·        Microsoft Sentinel·        Azure LogicApps·        Azure Functions·        ServiceNow SecOps, ·        XSOAR, ·        Phantom, ·        Forti SOAR,·        Simplify etc.·        Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis. ·        Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls. ·        Knowledge of Container related tools such as Docker, Kubernetes and GitOps·        Knowledge of two or more of the following security operations domains:o   Security Incident & Event Management (SIEM) platforms such as Microsoft Sentinel, Google Chronicle and Splunko   Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint.o   Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco.o   Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.o   Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Officeo   Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec·        Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Centre for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc. ·        Be comfortable presenting their coding and design decisions to peers early and often.·        Computer science, engineering, or information technology related degree (although not a strict requirement)  Holds one, or more, of the following certificates (or equivalent): - o   Certified Information Security Systems Professional (CISSP) o   Microsoft Certified: Azure Security Engineer Associate (AZ500) o   Microsoft Certified: Security Operations Analyst Associate (SC-200) o   CREST Practitioner Intrusion Analyst (CPIA) o   CREST Registered Intrusion Analyst (CRIA) o   CREST Certified Network Intrusion Analyst (CCNIA) o   Systems Security Certified Practitioner (SSCP) o   Certified Cloud Security Professional (CCSP) o   GIAC Certified Incident Handler (GCIH) o   GIAC Security Operations Certified (GSOC) About Rackspace TechnologyWe are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.  More on Rackspace TechnologyThough we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.