Cologix, Inc. is hiring a
Security Analyst II

Summary

The job is for a Security Analyst at Cologix, a leading network-neutral interconnection and hyperscale edge data center company based in Denver. The role involves investigating and remedying escalated incidents, managing security tools, creating documentation, and mentoring junior analysts.

Requirements

• A computer science related baccalaureate degree from an accredited college, or equivalent experience
• Minimum of 5 - 8 years’ experience in security in an enterprise environment
• Experience with vulnerability scanning applications, log management and alerting platforms, and packet analyzers
• Experience with network segmentation and/or security zones for applicable data protection according to data classification
• Willingness to share knowledge with co-workers and to assist them in understanding technical and business topics
• Working knowledge of information systems security standards and practices (e.g., access control, system hardening, system auditing, log file monitoring, security policies, and incident handling)
• Experience with detection and response tools including Network Behavior Anomaly Detection, Data Loss Prevention, Email Gateway services, Sandboxing, DDoS Mitigation, WAF, Forward/Reverse Proxies, DNS Security, etc
• Demonstrated experience of ‘hands-on’ security knowledge of one or more of the following platforms: Windows, Apple IOS, Linux
• Ability to interpret information security data and processes to identify potential Indicators of Compromise (IoC)
• Ability to quickly understand complicated data flows in order to identify and validate security requirements
• A team player with a willingness to establish a strong positive working relationship with all areas of the business
• Ability to work effectively, independent of assistance or supervision
• Ability to clearly communicate Information Security matters to executives, auditors, end-users, and engineers using appropriate language, examples, and tone
• One or more of the following advanced professional security certifications: Network+, Security+, CCNA, GSEC, CRISC, CISSP (or requisite experience to attain within 12 months)

Responsibilities

• Investigate and remediate escalated incidents, identify affected systems, mitigate active threats, leverage threat intelligence to set threat hunting priorities
• Perform reviews of related IT Compliance documentation, procedures and controls, including creating work papers and making recommendations for remediation
• Respond to security events, validate and investigate escalated incidents, perform mitigation and recovery operations
• Fine-tune, optimize, and support existing security tools used for security monitoring, detection of events, incident response efforts, and security awareness training
• Create and maintain incident response documentation, incident investigation records, root cause analysis documentation, internal knowledgebase, and runbooks
• Conduct quantifiable threat and risk analysis and provide viable solutions
• Participate in blue/purple team exercises, design and conduct DR/BCP/IR tabletop exercises, update process documentation based on lessons learned

Preferred Qualifications

• One or more professional advanced offensive or detection and response certifications such as OSCP, GCIH, GCDA, GCIA, GCFE (or equivalent work experience)
• Experience with wired and wireless network-based passive and active controls like IDS and IPS
• Familiarity with ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement
• Familiarity with Regulatory Compliance and industry standards and frameworks such as ISO27k, SSAE18 SOC 2, and PCI

Benefits

• Medical, dental and vision insurance
• Flexible spending account options
• Non-accrued PTO
• Company paid holidays
• 401k Retirement Plan
• Short- and Long-Term Disability