Threat Intelligence Analyst III - US

Responsible for ensuring that Rackspace identifies and assesses threats to its network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.** Experience with Opensource** Experience with Intel Platforms** Darkweb Experience

Responsibilities

• Leads efforts to assess and disseminate information on threats related to the enterprise in regard to current vulnerability by managing and developing an emerging threat model.
• Keeps up-to-date knowledge of new and emerging threats that can affect the organization's information assets through OSINT and commercial research and documents these findings in briefings which are presented to leadership.
• Reviews other team members threat intelligence documentation and provides feedback and opportunities for enrichment. Uses this information to identify patterns and develop strategic recommendations to improve the threat intelligence program at Rackspace.
• Documents threat intelligence research and observations in tickets and written artifacts, identifies mitigating/ compensating controls, and applies detection sets to the tooling.
• Works closely with systems administrators on monitoring and performance issues for optimization purposes.
• Drive security monitoring tuning in effort to eliminate false positives.
• Collaborate with system owners for areas of responsibility in effort to baseline environments.
• Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network. Leads threat analysis activities during response activities related to computer security incidents.
• Provide accurate and priority driven analysis on cyber activity/threats. Perform payload analysis of packets. Detonate malware to assist with threat research.
• Provides analysis of proposed countermeasures/detection activities and determines the best course of action. Implements or provides guidance to other team members on how to implement the actions identified.
• Collaborates with incident response analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity.
• Participate in root cause analysis or lessons learned sessions.
• Write technical articles for knowledge sharing.
• Monitor threat actors and related threat objects for items of interest to Rackspace and keep information up to date. Work with the ISOC teams to emulate attacker activity.
• Deploys new rules and rule sets as released by the vendors and works with the ISOC teams to implement applicable Indicators of Compromise (IOCs) into tooling.
• Creates and disseminates guidance on the teams activities including developing Standard Operating Procedures (SOPs) and other runbooks.
• Perform product evaluations and provide feedback on security products and services.
• Represent Security Operations interests while building and maintaining successful relationships across multiple teams.

Knowledge

• Significant practical experience with Linux and Windows operating systems.
• Significant practical experience with networking protocols and systems administration.
• Significant practical experience with log, network, and system forensic investigation techniques.
• Significant practical experience with TCP/IP Networking and knowledge of the OSI model.
• Significant practical experience with Intrusion Detection/Prevention Systems and custom rule writing.
• Practical experience with packet analysis (Wireshark) and malware analysis.
• Practical experience with common programming or scripting languages, including applying concepts to develop automation.
• Significant practical experience identifying common indicators of compromise and of methods for detecting these incidents.
• Significant practical experience monitoring threats via a SIEM console.
• Significant practical experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs.
• Experience with leveraging all source intelligence analysis.
• Strong attention to detail.
• Strong verbal and written communication skills.
• Excellent problem solving, critical thinking, and analytical skills - ability to de-construct problems.

Expereience

• Typically requires 7+ years experience performing threat research and implementation of rules and IOCs into tooling.
• Experience applying ethical hacker techniques, phishing schemes, evaluating emerging logical security threats, and compromised server techniques preferred
• Current GREM, GCIH, GCIA Certifications and related certifications preferred

The following information is required by the Colorado Equal Pay Transparency Act, New York City Pay Transparency Act, Washington Pay Transparceny Act and California Pay Transparency Act. This applies only to individuals working in the state of Colorado, Washington, California and New York City. The anticipated starting pay range of Colorado, California, Washington and New York City applicants for this role is $103,100-$137,000 for CO and $112,500 – $150,100 for NYC, WA and CA. Unless already included in the posted pay range and based on eligibility, the role may include variable compensation in the form of bonus, commissions, or other discretionary payments. These discretionary payments are based on company and/or individual performance and may change at any time. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location. Information on benefits offered is here.#LI-STORM#LI-DNIAbout Rackspace TechnologyWe are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.  More on Rackspace TechnologyThough we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.