Senior Security Analyst

About our Company:

Based in Denver, Colorado, Cologix is North America's leading network-neutral interconnection and hyperscale edge data center company. Our platform gives customers access to 40+ digital edge and Scalelogix^SM hyperscale edge data centers in 11 markets across the United States and Canada along with a carrier-dense ecosystem of 700+ networks, 360+ cloud providers, 30+ onramps and six Internet exchanges.  We provide our nearly 2,000 customers with direct access to our local operations teams, resulting in strong partnerships enabled by exceptional operational support and unparalleled customer service. Backed by one of the largest North American infrastructure funds, Cologix's experienced leadership team, certified staff and commitment to ESG initiatives help form a culture that values our people, our environment and our clients.

About the Position:

• Investigate and remediate escalated incidents, identify affected systems/scope of attack, mitigate active threats, use threat intelligence to improve detection and response capabilities, create and maintain documentation, mentor junior team members.

Responsibilities

• Collaborative issue/remediation on a broad set of IT related issues: Cybersecurity risks, regulatory, data protection, user access, various controls, etc.
• Perform reviews of related IT Compliance documentation, procedures, and controls, including creating work papers and making recommendations for remediation.
• Respond to security events, validate, and investigate escalated incidents, perform mitigation and recovery operations.
• Fine-tune, optimize, and support existing security tools used for security monitoring, detection of events, and incident response efforts. For example, SIEM, EDR, CASB, DLP, etc.
• Create and maintain incident response documentation, incident investigation records, root cause analysis documentation, internal knowledgebase, and runbooks.
• Conduct quantifiable threat and risk analysis and provide viable solutions.
• Participate in blue/purple team exercises, design and conduct DR/BCP/IR tabletop exercises, update process documentation based on lessons learned.

Required Qualifications

• A computer science related baccalaureate degree from an accredited college, or equivalent experience.
• Minimum of 5 - 8 years’ experience in security in an enterprise environment.
• Experience with vulnerability scanning applications, log management and alerting platforms, and packet analyzers.
• Experience with network segmentation and/or security zones for applicable data protection according to data classification.
• Willing to share knowledge with co-workers and to assist them in understanding technical and business topics.
• Working knowledge of information systems security standards and practices (e.g., access control, system hardening, system auditing, log file monitoring, security policies, and incident handling).
• Experience with detection and response tools including Network Behavior Anomaly Detection, Data Loss Prevention, Email Gateway services, Sandboxing, DDoS Mitigation, WAF, Forward/Reverse Proxies, DNS Security, etc.
• Demonstrated experience of “hands-on” security knowledge of one or more of the following platforms: Windows, Apple IOS, Linux.
• Working knowledge of networking protocols, web technologies, and cloud computing.
• Ability to interpret information security data and processes to identify potential Indicators of Compromise (IoC).
• Ability to quickly understand complicated data flows in order to identify and validate security requirements.
• A team player with the willingness to establish a strong positive working relationship with all areas of the business.
• Must be a Self-Starter and possess the ability to work effectively, independent of assistance or supervision.
• Must be able to work well in a fast-paced, rapidly evolving environment within a growing company.
• Efficient in all Microsoft Office products.
• Ability to clearly communicate Information Security matters to executives, auditors, end-users, and engineers using appropriate language, examples, and tone.
• One or more of the following advanced professional security certifications: CompTIA Security+, Network+, CRISC, or CCSP (or willingness to attain within 12 months).

Preferred

• One or more professional advanced offensive or detection and response certifications such as OSCP, GCIH, GCDA, GCIA, GCFE (or other related industry certifications).
• Experience with wired and wireless network-based passive and active controls like IDS and IPS.
• Familiarity with ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement.
• Familiarity with Regulatory Compliance and industry standards and frameworks such as ISO27k, SSAE18 SOC 2, and PCI.

Cologix’ data centers are ISO 27001:2022 certified. ISO 27001:2022 certification and the Cologix portfolio of information security, information privacy and other industry recognized certifications represents our dedication to insuring the confidentiality, integrity and availability of company and customer information systems and assets. At Cologix, information security is everyone’s responsibility. Cologix employees are responsible for:

• Understanding and following Cologix' information security, cybersecurity and privacy policies, procedures and standards.
• Ensuring conformance to all information security, cybersecurity and privacy policies, procedures, and standards.
• Remaining vigilant and reporting any suspicious activity or possible vulnerabilities, weaknesses, threats, or breaches in Cologix information security to company information security and privacy officers.
• Actively participating in Cologix’ efforts to maintain and improve information security.

***Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or transfer sponsorship of an employment visa at this time, including CPT/OPT.***

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as assigned to meet the ongoing needs of the organization.

Cologix is proud to be an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or veteran status.  If you need assistance in applying for any of our open positions, please contact us at recruiting@cologix.com or call 720-940-2551. 

The California Consumer Privacy Act (“CCPA”) creates privacy rights relating to the collection, sale, disclosure, and deletion of consumers’ personal information. The CCPA requires businesses to provide consumers, including job applicants and employees, with information about their rights, including a description of the categories of personal information to be collected and the purpose for which the information will be used. For additional information regarding your rights, including a description of the categories of personal information to be collected and the purpose for which the information will be used, please see https://cologix.com/privacy-policy/.

Cologix’ data centers are ISO 27001:2013 certified. ISO 27001:2013 certification and the Cologix portfolio of information security, information privacy and other industry recognized certifications represents our dedication to insuring the confidentiality, integrity and availability of company and customer information systems and assets. At Cologix, information security is everyone’s responsibility. Cologix employees are responsible for:

• Understanding and following Cologix' information security, cybersecurity and privacy policies, procedures and standards.
• Ensuring conformance to all information security, cybersecurity and privacy policies, procedures, and standards.
• Remaining vigilant and reporting any suspicious activity or possible vulnerabilities, weaknesses, threats, or breaches in Cologix information security to company information security and privacy officers.
• Actively participating in Cologix’ efforts to maintain and improve information security.