|Published||November 8, 2023|
Job Title : Cloud Security Analyst
Location : CHESTERFIELD, Missouri(on-site)
Combine technical security engineering and executive-level business consulting expertise to deliver innovative commercial Cloud strategic planning and technical solutions. Perform extensive research and analysis of RGA’s Cloud environments and delivery models, system security monitoring, tuning and alerting recommendations. Assess and document vendor vs application owner responsibilities for vulnerability scanning, remediation, and mitigation, including risk assessments and risk reporting. Maintain responsibility for analyzing and continuously monitoring Cybersecurity and privacy policies, programs, compliance artifacts, or standards for security compliance, systems authorization, and management in a commercial Cloud environment. Monitor, analyze and report on the establishment of tactics, techniques, and procedures (TTPs) for application owners.
1 Leverage Microsoft Azure, AWS and Google Cloud Platform resources to detect, triage, remediate, and recover compromised systems across the enterprise cloud environment.
2 Implement best practices in cloud logging for incident response and digital forensics.
3 Create playbooks and document standard operating procedures for incident response on cloud platforms.
4 Participate in exercises to validate security profile of cloud environments, and work to improve vulnerabilities. Participate in security activities including vulnerability testing and analysis, ethical hacking, purple team assessments, and other security testing.
5 Mentor associates within the department on cloud technology, cloud incident response, and cloud security best practices. Provide training and guidance to team members as required.
6 Make recommendations on toolset modifications and improvements, improvements on development processes and production application security support.
7 Participate as a key member for security incident response activities.
8 Perform other duties as assigned.
Required: Bachelor’s degree or equivalent experience.
Preferred: Master's degree and/or LOMA certification, MCSE
• 4+ years of relevant work experience.
• Experience in application vulnerability assessments, Testing and execution
• 4+ years of experience in Information Security (Vulnerability Management, Incident Response, install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs).
• Experience with researching emerging technologies, including commercial, mobile, and Cloud service providers (AWS, Azure)
• Experience with Cloud Cybersecurity efforts and emerging technology aligned with NIST, SOC2 or other equivalent Frameworks.
• Outstanding communication, analytical skills and ability to function in a globally diverse work environment.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Experience in system technology security testing (vulnerability scanning and penetration testing).
• Experience in application technology security testing (white box, black box and code review).
• Splunk, Sentinel or other equivalent SEIM technologies
• Azure, GCP, AWS
• Palo Alto NGFW, Prisma
• 5+ years’ experience in systems and network monitoring technologies and tools
• 4 or more years’ experience in designing solutions or applications with programming technologies and tools
• Experience working with SOAR platforms is a plus.
• 6 + years of experience with public and hybrid cloud environments.
• Insurance industry knowledge
Preferred technology experience
• SANS GIAC