Rackspace Technology

Cyber Threat Intelligence Analyst

Rackspace Technology

full-time

Posted on:

Origin:  • 🇮🇳 India

Visit company website
AI Apply
Manual Apply

Job Level

Mid-LevelSenior

Tech Stack

AzureCloudCyber SecurityJavaScriptLinuxPython

About the role

  • Lead and perform proactive threat hunting across multiple customers or organizational estates using available data and threat intelligence.
  • Create, test, and iterate threat hunting hypotheses to uncover undetected malicious activity.
  • Leverage Cyber Threat Intelligence (CTI) feeds and tooling to track threat actor TTPs and deliver contextual insights relevant to the organization.
  • Design and implement custom detection rules in SIEM platforms, particularly Microsoft Sentinel.
  • Handling Cloud Sek Platform incidents (Dark web detections, Credential Leaks, Compromised Computer.)
  • Collaborate with detection engineers, SOC analysts, and other stakeholders to improve detection content and response workflows.
  • Contribute to incident response activities by supporting triage, investigation, and root cause analysis of cybersecurity events.
  • Support risk and threat modelling initiatives by providing timely threat input and context.
  • Deliver timely high-quality reporting (including executive briefings and technical analysis) on emerging threats and threat actor trends.
  • Manage and curate threat intelligence watchlists, enrich detections with threat data, and assist SOC teams with relevant contextual insights.
  • Support insider threat monitoring and vulnerability risk assessments.
  • Participate in detection engineering efforts by identifying opportunities for new or enhanced analytics.
  • Communicate threat relevance to technical and non-technical stakeholders clearly and concisely.
  • Maintain an active awareness of the evolving cyber threat landscape, particularly as it pertains to your sector.
  • Liaise with Corporate Enterprise Security for indicator and threat sharing.
  • Drive iterative non-technical process improvement and documentation to minimize process friction to eliminate waste and drive consistency.

Requirements

  • 3-5 years in Threat Hunting and Cyber Threat Intelligence
  • Experience in analyzing large datasets for threat patterns
  • Strong understanding of threat actor behaviours, attack chains, and TTPs
  • Practical experience using SIEM platforms (ideally Microsoft Sentinel) and writing KQL queries
  • Strong Handon on Exp on Cloud Sek Platform
  • Understanding of threat modelling, risk management, and MITRE ATT&CK framework
  • Experience supporting or collaborating with Security Operations Center (SOC) teams
  • Understanding of Windows and/or Linux telemetry and analysis techniques
  • Knowledge of network protocols and how they may be exploited
  • Experience executing security incident response workflows and processes
  • Ability to triage and respond to threat intelligence alerts from multiple sources
  • Strong written and verbal communication skills to effectively deliver technical and executive-level briefings
  • Familiarity with Microsoft Defender XDR Suite (Defender for Cloud, Server, Endpoint, Office 365, Identity)
  • Crowdstrike, Falcon
  • Qualys
  • Familiarity with Microsoft Entra, Purview, and Azure technologies
  • Knowledge of NIST CSF, and other common security frameworks
  • Experience working with STIX and TAXII or equivalent for TI normalization and sharing
  • Familiarity with scripting (python, JS, Powershell) for automation/analysis data processing
  • Relevant certifications: Microsoft: SC-200, AZ-500, MS-500, SC-300; GIAC: GCTI, GCFA, GREM, GCIA; Other: CISSP, CISA, CISM, CompTIA Security+/Cloud+, CCSK