Rackspace Cyber Defense seeks a Security Lead to manage a multi-disciplinary SOC serving their customers.  Responsibilities include managing a team of first responders, ensuring customer environment security, identifying critical assets, implementing and enhancing security tooling (including Sentinel), utilizing threat intelligence platforms, automating security processes, resolving vulnerabilities within SLAs, providing reporting and analysis (including breach root cause analysis), collaborating with other teams, and handling critical incidents.  Advanced threat hunting, post-breach forensic analysis, and customer onboarding are also key aspects. The role requires in-depth knowledge of customer environments and strong communication skills.

Rackspace Technology

Data Science Trainee

Principal MLOps Engineer

Customer Data Engineer II

Software Engineer IV

Senior DevOps Engineer (AWS)

SAP FICO Business Systems Consultant IV

Marketing Operations Analyst II

Marketing Operations & Technology Manager

Trainee Cloud Engineer

<div class="section page-centered" data-qa="job-description"><div><br></div><div><b style="font-size: 18pt;">Rackspace Cyber Defense </b></div><div><br></div><div><b style="font-size: 16pt;">Security Lead, Security Operations </b></div><div>Shift Timings: 6:30 pm to 3:30 am IST </div><div><br></div><div><b style="font-size: 12pt;">&nbsp;</b></div><div>About Rackspace Cyber Defence</div><div><br></div><div>Rackspace Cyber Defence is our next generation cyber defense and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, risk-based, threat-informed and intelligence-driven security services.&nbsp; </div><div><br></div><div><br></div><div><b>Our purpose</b> is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud, and multi-cloud workloads. </div><div><br></div><div><b>Our goal</b> is to go beyond traditional security controls to deliver cloud-native, DevOps-centric, fully integrated 24x7x365 cyber defense capabilities that deliver a <b>proactive</b>, <b>threat-informed</b>, <b>risk-based</b>, <b>intelligence-driven</b> approach to detecting and responding to threats. </div><div><br></div><div><br></div><div><b>Our mission</b> is to help our customers: </div><div><br></div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Proactively detect and respond to cyber-attacks – 24x7x365. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Defend against new and emerging risks that impact their business. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multi-cloud environments. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Reduce their exposure to risks that impact their identity and brand. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Develop operational resilience. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Maintain compliance with legal, regulatory and compliance obligations. </div><div>&nbsp;</div><div><br></div><div><b>What we’re looking for</b></div><div><br></div><div>To support our continued success and deliver a Fanatical Experience™ to our customers, Rackspace Cyber Defence is looking for a Security Lead for security Operations.&nbsp; </div><div><br></div><div>This role is particularly well-suited to a self-starting, experienced, and motivated Security Lead, who is commercially aware, service-oriented, and has a proven record of accomplishment in delivering and managing a security operations centre (SOC.)&nbsp; </div><div><br></div><div>The Security Lead will be the face of Rackspace’s security services and responsible for the leadership and management of a multi-disciplinary security operations center (SOC) that serve Rackspace Cyber Defense customers. </div><div>&nbsp;</div><div><br></div><div><b>Key Accountabilities </b></div><div><br></div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Should have experience of 14 years in SOC and Security Eng. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Managing a team of first responders, as part of a resolver group (or pod), you will ensure the Customer’s operational and production environment remains secure and any threats are raised and addressed promptly. This can include monitoring at both the network and application level. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Identification of a customer’s critical assets using technical tools and interviews. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Use of, enhancement of, or implementation of new, relevant technology tooling to ensure a customer’s configuration and security policies are enforced. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Use of threat intelligence platforms such as OSINT, to understand the latest threats. Researching and analysing the latest threats to better understand an adversary’s tactics, techniques, and procedures (TTPs). </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Automation of security processes and procedures to enhance and streamline monitoring capabilities. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Ensure any reported vulnerabilities are resolved within agreed SLA timeframes. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>In-depth knowledge of each Rackspace customer’s environment. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Providing relevant reporting and analysis (including breach root cause analysis, if required) to customers, on an agreed frequency. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>May be required to work flexible working hours. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Critical Incident Handling &amp; Closure and Deep investigation and analysis of critical security incidents. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Post-breach forensic incident analysis reporting and Advanced threat hunting. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Assist with customer onboarding – loading of feeds, etc. to Sentinel.&nbsp; </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Develop custom dashboards and reporting templates and Develop complex to customer-specific use cases. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Advanced platform administration and Solution recommendations for issues. </div><div><span style="font-size: 10pt;">•</span><span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Co-ordinate with different teams for issue resolution</div><div>&nbsp;</div><div><b>Skills &amp; Experience </b></div><div><br></div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Experience of managing a team of Security Operations Engineers, or equivalent. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Experience of working in large-scale, public cloud environments and using cloud-native security monitoring tools such as: -&nbsp; Azure Security Centre and Sentinel o GCP Security Command Centre, Chronical.</div><div>o<span style="font-size: 7pt;">&nbsp;&nbsp; </span>AWS Security Hub including AWS Guard Duty, AWS Macie, AWS Config, AWS Security Lake and AWS CloudTrail </div><div>o<span style="font-size: 7pt;">&nbsp;&nbsp; </span>Vulnerability Management: Qualys, Microsoft Defender.</div><div>o<span style="font-size: 7pt;">&nbsp;&nbsp; </span>Endpoint Management: CrowdStrike and Microsoft&nbsp; Defender for Point.</div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Knowledge of security standards (good practice) such as NIST, ISO27001, CIS, OWASP and Cloud Controls Matrix (CCM) etc. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Experience of security controls, such as network access controls; identity, authentication and access management controls (IAAM); and intrusion detection and prevention controls.&nbsp; </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Adept at analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis.&nbsp; </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Computer science, engineering or information technology related degree (although not a strict requirement)&nbsp; </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Holds one, or more, of the following certificates (or equivalent): - o Certified Information Security Systems Professional (CISSP) o Systems Security Certified Practitioner (SSCP) o Certified Cloud Security Professional (CCSP) </div><div>o<span style="font-size: 7pt;">&nbsp;&nbsp; </span>GIAC Certified Incident Handler (GCIH) o GIAC Security Operations Certified (GSOC) </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Highly organized and detail oriented. Ability to prioritise, multitask and work under pressure. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>An individual who shows a willingness to go above and beyond in delighting the customer. </div><div>•<span style="font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>A good communicator who can explain security concepts to both technical and nontechnical audiences.&nbsp;</div></div><div class="section page-centered" data-qa="closing-description"><div><b>About Rackspace Technology</b></div><div>We are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.</div><div>&nbsp;</div><div>&nbsp;</div><div><b>More on Rackspace Technology</b></div><div>Though we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.</div></div><div class="section page-centered" data-qa="closing-description"><div><b>About Rackspace Technology</b></div><div>We are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.</div><div>&nbsp;</div><div>&nbsp;</div><div><b>More on Rackspace Technology</b></div><div>Though we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.</div></div>undefined

SOC Lead (Sentinel experience required)