Security Engineer L2 (Endpoint Security)

What we’re looking for

• To support our continued success and deliver a Fanatical Experience™ to our customers, Rackspace Cyber Defence is looking for an Indian based Security Engineer, with a specialism in Endpoint Security to support Rackspace’s strategic customers.
• This role is particularly well-suited to a self-starting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of enterprise-level Endpoint Security platforms or delivering Managed Endpoint Detection & Response (EDR) services to customers.
• The primary focus will be on the design, implementation, management, operation and continuous improvement of cloud-native Endpoint Detection & Response (EDR) platforms such as Crowdstrike Falcon or Microsoft Defender for Endpoint; used by the Rackspace Cyber Defence Center to deliver managed security services to our customers.
• You will also be required to liaise closely with the customer’s key stakeholders, which may include incident response and disaster recovery teams as well as information security.

Skills & Experience

• Should have 8+ years experience in Security Engineering.
• Experience working in either large, enterprise environments or managed security services environments with a focus on Endpoint Detection & Response.
• Experience of working with cloud native Endpoint Security and Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint and/or Microsoft Defender for Cloud.
• Experience of working in two (or more) of the following additional security domains:
• SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc.
• AWS (Amazon Web Services) Security Hub including AWS Guard Duty, AWS Macie, AWS Config and AWS CloudTrail .
• Experience of analysing malware and email headers, and has skills in network security, intrusion detection and prevention systems; operating systems; risk identification and analysis; threat identification and analysis and log analysis.
•  Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
• Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
• Knowledge of scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell.
• Knowledge of Malware reverse engineering, threat detection and threat hunting.
• Computer science, engineering, or information technology related degree (although not a strict requirement)  
• Holds one, or more, of the following certificates (or equivalent): - 
• Microsoft Certified: Azure Security Engineer Associate (AZ500) 
• Microsoft Certified: Security Operations Analyst Associate (SC-200) 
• Systems Security Certified Practitioner (SSCP) 
• Certified Cloud Security Professional (CCSP) 
• GIAC Certified Incident Handler (GCIH) 
• GIAC Security Operations Certified (GSOC) 
• CrowdStrike admin Certified
• A highly self-motivated and proactive individual who wants to learn and grow and has an attention to detail.
• A great analyser, trouble-shooter and problem solver who understands security operations, programming languages and security architecture.
• Highly organised and detail oriented. Ability to prioritise, multitask and work under pressure.
• An individual who shows a willingness to go above and beyond in delighting the customer.
• A good communicator who can explain security concepts to both technical and non-technical audiences.

Key Accountabilities

• Ensure the Customer’s operational and production environment remains healthy and secure at all the times.
• Assist with customer onboarding – customer/device onboarding, policy configuration, platform configuration and service transition to security operations team(s).
• Advance platform administration.
• Critical platform incident handling & closure.
• As an SME, act as an L3 escalation and point of contact for SecOps Analysts during an incident response process
• As an SME, act as a champion and centre of enablement by delivering training, coaching and thought leadership across Endpoint Security and Endpoint Detection & Response.
• Develop and document runbooks, playbooks and knowledgebase articles that drive best practice across teams.
• Drive continuous improvement of Rackspace Managed EDR services through custom development, automation and integration; in collaboration with SecOps Engineering and other Security Engineering team(s)
• Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
• Co-ordinate with vendor for issue resolution.
• Required to work flexible timings.