Cloud Security Specialist

at Catapult Consultants
Published July 17, 2022
Location Pensacola, FL
Category Default  
Job Type Full-time  

Description

The Cloud Security Specialist serves as the primary POC for digital investigations and incident response in our cloud environments. Performs investigations to develop a preliminary diagnosis of the severity of breaches, provides onsite advanced technical assistance and proactive hunting, supports rapid onsite incident response, and performs immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities.

Responsibilities:

  • Serve as the subject matter expert for investigations into potential compromise, intrusion, deficiency, significant event, or threat to the security posture and security baseline.
  • Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations, responding to and resolving situations caused by network attacks.
  • Develop and establish the minimum baseline skills, knowledge, and abilities required to demonstrate proficiency in the role.
  • Participate in a cross-functional team to develop content, dashboards, and tune analytic correlations to reduce false positives and increase actionable alerts for cloud environments.
  • Collaborate with MOE-CIRT shift leads, level 2 analysts, and Threat Hunt personnel to ensure that rulesets and alerts provide sufficient coverage of both the cloud and on-premises enclaves.
  • Provide cloud security training as directed and mentorship as requested to Security Operations Teams.
  • POC for all technical security appliances and solutions in the cloud that support the MOE.

Required Skills:

  • Active TS clearance with SCI eligibility
  • Must be able to obtain DHS Suitability
  • 7-10+ years of experience working in Cybersecurity technical roles
  • Experience with a diverse set of SIEM and data collection tools
  • Hands-on experience working with SOC/CIRT teams in defining workflows and analytical tool chains for operational efficiency and mission execution.
  • 3+ years working in a SOC/CIRT environment.
  • Experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
  • Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting cloud-based environments.
  • Documented experience with the MITRE ATT&CK Framework; ability to assess information on network threats such as scans, computer viruses, or complex attacks; ability to identify and report on gaps in monitoring and incident response visibility and strategy.

Desired Skills:

  • Experience with one or more of the following programming/scripting/shell languages: Python, Java, C, Bash, PowerShell
  • Experience with creating regular expressions for use in data cleaning, parsing, validation, and reporting.
  • Experience applying security monitoring application data (like firewalls, intrusion detection systems, endpoint protection, etc.) to solve data security gaps to enable analytical use cases and mission execution.
  • Experience with data correlation, rules engines, and reporting engines, specifically with creating correlation rule sets, analytical reports, and dashboards to enable threat hunting, threat monitoring, and incident response.
  • Familiarity with SIEM and data collection tools like Splunk, Elastic, AT&T USM Anywhere, etc.

Required Certification:

  • Microsoft Certified: Security Operations Analyst Associate, or
  • AWS Certified SysOps Administrator Associate

Desired Certifications:

  • Azure Security Engineer, AWS Certified Security - Specialty