Soc Analyst L3

About Rackspace Cyber Defence Rackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20 years of securing customer environments to deliver proactive risk-based threat-informed and intelligence driven security services Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises private cloud public cloud and multi-cloud workloads Our goal is to go beyond traditional security controls to deliver cloud-native DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive threat-informed risk-based intelligence-driven approach to detecting and responding to threats Our mission is to help our customers Proactively detect and respond to cyber-attacks - 24x7x365 Defend against new and emerging risks that impact their business Reduce their attack surface across private cloud hybrid cloud public cloud and multi-cloud environments Reduce their exposure to risks that impact their identity and brand Develop operational resilience Maintain compliance with legal regulatory and compliance obligations What we re looking for To support our continued success and deliver a Fanatical Experience TM to our customers Rackspace Cyber Defence is looking for an Indian based Security Operations Analyst L3 to support Rackspace s strategic customers This role is particularly well-suited to a self-starting experienced and motivated Sr Sec Ops Analyst who has a proven record of accomplishment in the cloud security monitoring and incident detection domain As a Security Operations Analyst L3 you will be responsible for detecting analysing and responding to threats posed across customer on-premises private cloud public cloud and multi-cloud environments The primary focus will be on triaging alerts and events incident detection which may indicate malicious activity and determining if threats are real or not You will also be required to liaise closely with the customer s key stakeholders which may include incident response and disaster recovery teams as well as information security Key Accountabilities Should have experience of 10 years in SOC and 5 years in Azure Sentinel Ensure the Customer s operational and production environment remains secure at all the times and any threats are raised and addressed in a timely manner Critical incident handling closure Escalation management and handling escalations from L2 Analysts Proactive discovery of threats based on MITRE ATT CK framework Deep investigation and analysis of critical security incidents Post breach forensic incident analysis reporting Review the weekly and monthly reports Review new use cases created by L2 and implement in cloud-native SIEM Security Information and Event Management Assist with customer onboarding such as use case development identifying data sources configuring data connectors etc Advanced threat hunting Develop custom dashboards and reporting templates Develop complex to customer specific use cases Advanced platform administration Solution recommendation for issues Co-ordinate with vendor for issue resolution Basic and intermediate playbook and workflow enhancement Maintain close working relationships with relevant teams and individual key stakeholders such as incident response and disaster recovery teams as well as information security etc Develop the custom parsers for the incident and alert enrichment Problem specific playbook and workflow creation and enhancements Required to work flexible timings Skills Experience Existing experience as a Security Operations Analyst or equivalent Experience of working in large scale public cloud environments and with using cloud native security monitoring tools such as - o Microsoft Sentinel o Microsoft 365 Defender o Microsoft Defender for Cloud o Endpoint Detection Response EDR tools such as Crowdstrike Microsoft Defender for Endpoint o Firewalls and network security tools such as Palo Alto Fortinet Juniper and Cisco o Web Application Firewall WAF tools such as Cloudflare Akamai and Azure WAF o Email Security tools such as Proofpoint Mimecast and Microsoft Defender for Office o Data Loss Prevention DLP tools such as Microsoft Purview McAfee and Symantec o Nice to have skills experience includes Google Cloud Platform GCP security tools such as Chronicle and Security Command Centre Amazon Web Services AWS security tools such as Security Hub AWS Guard Duty AWS Macie AWS Config and AWS CloudTrail Experience of analysing malware and email headers and has skills in network security intrusion detection and prevention systems operating systems risk identification and analysis threat identification and analysis and log analysis Experience of security controls such as network access controls identity authentication and access management controls IAAM and intrusion detection and prevention controls Knowledge of security standards good practice such as NIST ISO27001 CIS Center for Internet Security OWASP and Cloud Controls Matrix CCM etc Experience with scripting and coding with languages such as Terraform python javascript golang bash and or powershell Experience with DevOps practices and tools such as Backlogs Repo s Pipelines Artifacts CI CD JIRA Azure DevOps CircleCI GitHub Actions Ansible and or Jenkins Computer science engineering or information technology related degree although not a strict requirement Holds one or more of the following certificates or equivalent - o Certified Information Security Systems Professional CISSP o Microsoft Certified Azure Security Engineer Associate AZ500 o Microsoft Certified Security Operations Analyst Associate SC-200 o CREST Practitioner Intrusion Analyst CPIA o CREST Registered Intrusion Analyst CRIA o CREST Certified Network Intrusion Analyst CCNIA o Systems Security Certified Practitioner SSCP o Certified Cloud Security Professional CCSP o GIAC Certified Incident Handler GCIH o GIAC Security Operations Certified GSOC A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail A great analyser trouble-shooter and problem solver who understands security operations programming languages and security architecture Highly organised and detail oriented Ability to prioritise multitask and work under pressure An individual who shows a willingness to go above and beyond in delighting the customer