Job Description :
Job ID: Sigma, Rackspace_ Security Analyst 2_ ITP20190509-02
Job Title: Security Analyst 2
Locations: Austin, TX and San Antonio, TX
On-site/Remote: Onsite
Duration: 6 Months


Supervise monitoring of security events and alerts received from ISOC security tools.
Manage end user reported incidents.
Responsible for the first line of security incident response within the Client ISOC.
Hunt for suspicious activity based on anomalous activity and indicators of compromise from various intelligence feeds and toolsets.
Serve as the technical escalation point and mentor for lower-level analysts.
Provide communication and escalation throughout an incident per the ISOC Standard Operating Procedures.
Report potential and actual security violations and provide recommendations.
Communicate directly with end users and asset owners.
Perform in-depth analysis of log files, systems, and network traffic.
Maintain a strong awareness of the current threat landscape.
Create knowledge base articles for handling low severity incidents.


Strong knowledge and understanding of network protocols and devices.
Experience in intrusion analysis and incident response.
Strong experience with Mac OS, Windows, and Unix systems.
Demonstrable problem solving, analytical skills and attention to detail.
Strong verbal and written communication skills.
Packet and log analysis.
Ability to handle high pressure situations in a productive and professional manner.
Document and conform to processes related to security monitoring.
Provide incident investigation, handling, and response to include incident documentation.
Strong time management, skills with the ability to multitask.
Ability to work a flexible work schedule, including weekends.
Provide training and mentorship to lower-level security analysts.
Provide tuning recommendations for security tools to tool administrators.
Provide tuning recommendations for security tools to tool administrators.

Strong knowledge of the following:

SIEM, Packet Analysis, SSL Decryption, Malware Detection,HIDS/NIDS, Network Monitoring Tools, Case Management System, Knowledge Base, Web Security Gateway, Email Security, Data Loss Prevention, Anti-Virus, Network Access Control, Encryption, Vulnerability Identification.


Monitors global NIDS, Firewall, and log correlation tools for potential threats.
Initiates escalation procedure to counteract potential threats/vulnerabilities.
Provides incident remediation and prevention documentation.
Documents and conforms to processes related to security monitoring.
Provides performance metrics as necessary.
Provides customer service that exceeds our customers? expectations.

SUPERVISION: General instruction on routine tasks, detailed instruction on new assignments.


Bachelor?s degree in Computer Science or equivalent combination of education and experience required.
GCIA required. GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred.
2-4 years of experience in a security operations center (SOC) environment required.
Experience with SIEM (i.e. Arcsight, QRadar) Sourcefire, FireEye, Snort or an equivalent tool required.
Basic system administration skills.
Experience with reviewing raw log files, data correlation, and analysis (ie. System logs, netflow, firewall, IDS) required.
Experience in creating Snort signatures required.


General office environment.
May require long periods sitting and viewing a computer monitor.
Moderate levels of stress may occur at times.
No special physical demands required.
Occasional domestic travel, less than 10%.