SOC Analyst L2 (Sentinel is mandatory)

extra holidays - extra parental leave - fully flexible
Work set-up: 
Full Remote
Contract: 
Full time
Experience: 
Mid-level (2-5 years)
Work from: 
India

Offer summary

Qualifications:

4-7 years of experience as a SOC analyst., Proficiency with cloud security monitoring tools like Microsoft Sentinel and Defender., Knowledge of security standards such as NIST, ISO27001, and CIS., Relevant certifications such as CISSP, AZ500, or SC-200..

Key responsibilities:

  • Detect, analyze, and respond to security threats across cloud environments.
  • Triaging alerts and incidents to determine malicious activity.
  • Liaising with stakeholders including incident response teams.
  • Creating and maintaining security documentation and reports.

Rackspace Technology logo
Rackspace Technology Large https://www.rackspace.com
5001 - 10000 Employees
See all jobs

Job description

About Rackspace Cyber Defence
Rackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, riskbased, threatinformed and intelligence driven security services.
Our purpose is to enable our customers to defend against the evolving threat landscape across onpremises, private cloud, public cloud and multicloud workloads.
Our goal is to go beyond traditional security controls to deliver cloudnative, DevOpscentric and fully integrated 24x7x365 cyber defence capabilities that deliver a proactive, threatinformed, riskbased, intelligencedriven approach to detecting and responding to threats.
Our mission is to help our customers:
Proactively detect and respond to cyberattacks – 24x7x365.
Defend against new and emerging risks that impact their business.
Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multicloud environments.
Reduce their exposure to risks that impact their identity and brand.
Develop operational resilience.
Maintain compliance with legal, regulatory and compliance obligations.


What we’re looking for
  • To support our continued success and deliver a Fanatical Experience™ to our customers, Rackspace Cyber Defence is looking for an Indian based Security Operations Analyst(L2) to support Rackspace’s strategic customers.
  • This role is particularly wellsuited to a selfstarting, experienced and motivated Sec Ops Analyst, who has a proven record of accomplishment in the cloud security monitoring and incident detection domain.
  • As a Security Operations Analyst(L2), you will be responsible for detecting, analysing, and responding to threats posed across customer onpremises, private cloud, public cloud, and multicloud environments.
  • The primary focus will be on triaging alerts and events (incident detection), which may indicate malicious activity, and determining if threats are real or not. You will also be required to liaise closely with the customer’s key stakeholders, which may include incident response and disaster recovery teams as well as information security.


  • Key Accountabilities
  • Should have experience of 47years in SOC.
  • Ensure the Customer’s operational and production environment remains secure at all the times and any threats are raised and addressed in a timely manner.
  • Critical incident analysis & validation
  • Platform management tasks like checking the health status and basic troubleshooting.
  • Create new runbooks, playbooks and knowledgebase documents.
  • Trend monitoring & analysis
  • Threat and vulnerability impact analysis
  • Reactive discovery of adversaries based on threat advisory or intelligence reports.
  • Compliance reporting
  • Onboarding of log sources
  • Rule and dashboard enhancements
  • Basic threat hunting
  • Created and manage the watchlists.
  • Handling escalations from L1 Analysts
  • Review the L1 handled Incident and prepare individual scorecards.
  • Prepare and review the weekly and monthly reports.
  • Coordinate with vendor for issue resolution
  • Use of threat intelligence platforms such as OSINT, to understand latest threats. Researching and analysing the latest threats to better understand an adversary’s tactics, techniques, and procedures (TTPs).
  • Automation of security processes and procedures to enhance and streamline monitoring capabilities.
  • Ensure all Zero Day vulnerabilities are resolved within agreed SLA (Service Level Agreement) periods by respective teams which was reported by L2 Analyst team.
  • Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
  • Required to work in 247 Rotational shift.

  • Skills & Experience
  • Existing experience as a Security Operations Analyst, or equivalent.
  • Experience of working in large scale, public cloud environments and with using cloud native security monitoring tools such as:
  • Microsoft Sentinel
  • Microsoft 365 Defender
  • Microsoft Defender for Cloud
  • Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint.
  • Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco.
  • Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.
  • Email Security tools such as Proofpoint, Mimecast and Microsoft Defender for Office
  • Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec
  • Nice to have skillsexperience includes:
  • Google Cloud Platform (GCP) security tools such as Chronicle and Security Command Centre
  • Amazon Web Services (AWS) security tools such as Security Hub, AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail
  • Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis.
  • Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
  • Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
  • Knowledge of scripting and coding with languages such as Terraform, python, javascript, golang, bash andor powershell.
  • Knowledge of DevOps practices such as CICD, Azure DevOps, CircleCI, GitHub Actions, Ansible andor Jenkins.
  • Computer science, engineering, or information technology related degree (although not a strict requirement)
  • Holds one, or more, of the following certificates (or equivalent):
  • Certified Information Security Systems Professional (CISSP)
  • Microsoft Certified: Azure Security Engineer Associate (AZ500)
  • Microsoft Certified: Security Operations Analyst Associate (SC200)
  • CREST Practitioner Intrusion Analyst (CPIA)
  • CREST Registered Intrusion Analyst (CRIA)
  • CREST Certified Network Intrusion Analyst (CCNIA)
  • Systems Security Certified Practitioner (SSCP)
  • Certified Cloud Security Professional (CCSP)
  • GIAC Certified Incident Handler (GCIH)GIAC
  • Security Operations Certified (GSOC)
  • A highly selfmotivated and proactive individual who wants to learn and grow and has an attention to detail.
  • A great analyser, troubleshooter and problem solver who understands security operations, programming languages and security architecture.
  • Highly organised and detail oriented. Ability to prioritise, multitask and work under pressure.
  • An individual who shows a willingness to go beyond in delighting the customer.
  • A good communicator who can explain security concepts to both technical and nontechnical audiences.
    •

    Required profile

    Experience

    Level of experience: Mid-level (2-5 years)
    Spoken language(s):
    English
    Check out the description to know which languages are mandatory.

    Hard Skills

    Cloud ComputingAzure SecurityThreat AssessmentJuniper M Series (Juniper Networks)Cisco NetworkingCloudflareData Loss PreventionEndpoint Detection And ResponsePalo Alto WildfireFortinetSymantec AltirisMessaging SecurityMcAfee Enterprise Security ManagerAntivirus SoftwareApplication FirewallAkamaiAmazon Web ServicesISO 13485 StandardNIST 800Network SecurityJavaScript (Programming Language)JenkinsLog AnalysisWindows PowerShellAnsibleGoogle Cloud Platform (GCP)Python (Programming Language)CircleciThreat DetectionBash (Scripting Language)CI/CDRisk AnalysisTerraformMalware AnalysisAzure DevOpsIntrusion Detection And Prevention

    Other Skills

    • Incident Reporting
    • Calmness Under Pressure
    • Communication
    • Multitasking
    • Organizational Skills
    • Detail Oriented
    • Problem Solving
    Are you interested?

    Related jobs

    See more jobs