Cyber Threat Operations Analyst II

Full Time
San Antonio, TX
Areas of Interest: Cyber Operations, Threat Analysis, Vulnerability Assessment and Management
report a problem

Redefining the Way the World Consumes Cloud Computing
Join a community that is building the foundation for tomorrow today.

Rackspace is seeking a Cyber Threat Operations Analyst II to join our growing team in San Antonio, TX.

Primary Responsibility: 

The Rackspace Information Security Operations Center (ISOC) is responsible for ensuring that Rackspace identifies and assesses threats to its network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

Job Complexity: 

  • Provides significant contributions assessing and disseminating threats related to the enterprise in regards to current vulnerabilities by updating the existing threat information/model.
  • Keeps up-to-date knowledge of new and emerging threats that can affect the organization's information assets through OSINT and commercial research and documents these findings in briefings which are presented to leadership.
  • Reviews other team members threat intelligence documentation and provides feedback and opportunities for enrichment.
  • Documents threat intelligence research and observations in tickets and written artifacts, identifies mitigating/ compensating controls, and applies detection sets to the tooling.
  • Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network. Respond to computer security incidents and conduct threat analysis as directed.
  • Provide accurate and priority driven analysis on cyber activity/threats.
  • Perform payload analysis of packets.
  • Detonate malware to assist with threat research.
  • Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network.
  • Provides input to assist with implementation of counter-measures or mitigating controls.
  • Collaborates with incident response analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity.
  • Participate in root cause analysis or lessons learned sessions.
  • Write technical articles for knowledge sharing.
  • Monitor threat actors and related threat objects for items of interest to Rackspace and keep information up to date.
  • Work with the ISOC teams to emulate attacker activity.
  • Deploys new rules and rule sets as released by the vendors and works with the ISOC teams to implement applicable Indicators of Compromise (IOCs) into tooling.


Experience/ Education: 
Bachelor’s degree in Computer Science or related field required. At the manager’s discretion, additional relevant experience may substitute for the degree requirement. Typically requires 4+ years experience performing threat research and implementation of rules and IOCs into tooling. Experience applying ethical hacker techniques, phishing schemes, evaluating emerging logical security threats, and compromised server techniques preferred. Current GCIA and related certifications preferred.

Knowledge/ Skills / Ability: 

  • Strong attention to detail. Strong verbal and written communication skills.
  • Strong analytical and problem solving skills.
  • Practical experience with Linux and Windows operating systems.
  • Familiarity with common programming or scripting languages.
  • Working knowledge of log, network, and system forensic investigation techniques.
  • Working knowledge of diverse operating systems, networking protocols, and systems administration.
  • Working knowledge of common indicators of compromise and of methods for detecting these incidents.
  • Working knowledge of TCP/IP Networking and knowledge of the OSI model.
  • Working knowledge of OS management and Network Devices.
  • Working knowledge of Intrusion Detection/Prevention Systems.
  • Practical experience monitoring threats via a SIEM console.
  • Practical experience identifying indicators of compromise and of methods for detecting these incidents.
  • Practical experience analyzing threat intelligence sources and determining their applicability to the organization, determining mitigation and compensating controls and applying these to the tooling.
  • Practical experience with Intrusion Detection/Prevention Systems.
  • Practical experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs.
  • Excellent problem solving, critical thinking, and analytical skills - ability to de-construct problems.
  • Experience with packet analysis (Wireshark) and malware analysis preferred.

Operates under manager or more senior team member’s supervision and direction. Candidate must have experience documenting threat intelligence IOCs and applying rules/ detection blacklists with minimal oversight.

Physical Demands: 
General office environment.May require long periods sitting and viewing a computer monitor.Moderate levels of stress may occur at times. No special physical demands required.Occasional domestic travel, less than 10%

Stay in Touch!

Don’t see anything that fits your strengths or skills? 
Sign-up to be a part of our ‘Talent Community’ and receive information about jobs you’re interested in when they become available.
Equal Employment Opportunity Policy: Rackspace is committed to offering equal employment opportunity without regard to age, color, disability, gender, gender identity, genetic information, marital status, military status, national origin, race, religion, sexual orientation, veteran status, or any other legally protected characteristic. 

The above information has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or to be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the employee assigned to this job.

Share this job:


The #1 managed cloud company
Rackspace, the #1 managed cloud company, helps businesses tap the power of cloud computing without the challenge and expense of managing complex IT infrastructure and application platforms on their own. Rackspace engineers deliver specialized expertise on top of leading technologies developed by OpenStack, Microsoft, VMware and others, through a results-obsessed service known as Fanatical Support®. We have more than 300,000 customers worldwide, including two-thirds of the FORTUNE 100. Rackspace was named a leader in the 2015 Gartner Magic Quadrant for Cloud-Enabled Managed Hosting, and has been honored as one of Fortune’s Best Companies to Work For in six of the past eight years.
Hybrid Hosting, Cloud Hosting, E-Mail Hosting, Dedicated Managed Hosting, IT Services, Platform Hosting, VPN's, Network Security, SharePoint, and various other IT services, Managed Cloud
Visit Rackspace's Social Media pages:
Company Industry: Information Technology and Services
Company Type: Public Company
Company Size: 5,001-10,000