Published: July 20, 2022
The Cloud Security Specialist serves as the primary point of contact (POC) for digital investigations and incident response in our cloud environments. The role performs investigations to develop a preliminary diagnosis of the severity of breaches, provides onsite advanced technical assistance and proactive hunting, and supports rapid onsite incident response with immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities.
- Serve as the subject matter expert for investigations into potential compromise, intrusion, deficiency, significant event, or threat to the security posture and security baseline.
- Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations, responding to and resolving situations caused by network attacks.
- Develop and establish the minimum baseline of skills, knowledge, and abilities required to demonstrate proficiency in the role.
- Participate in a cross-functional team to develop content, dashboards, and tune analytic correlations to reduce false positives and increase actionable alerts for cloud environments.
- Collaborate with MOE-CIRT shift leads, level 2 analysts, and Threat Hunt personnel to ensure that rulesets and alerts provide sufficient coverage of both the cloud and on-premises enclaves.
- Provide cloud security training as directed and mentorship as requested to Security Operations Teams.
- POC for all technical security appliances and solutions in the cloud that support the MOE.
- Active TS clearance with SCI eligibility
- Must be able to obtain DHS Suitability
- 7-10+ years of experience working in Cybersecurity technical roles
- Experience with a diverse set of SIEM and data collection tools
- Hands-on experience working with SOC/CIRT teams in defining workflows and analytical tool chains for operational efficiency and mission execution.
- 3+ years of experience working in a SOC/CIRT environment.
- Experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
- Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting cloud-based environments.
- Documented experience with the MITRE ATT&CK Framework. Ability to assess information on network threats such as scans, computer viruses, or complex attacks. Identify and report on gaps in monitoring and incident response visibility and strategy.
- Experience with one or more of the following programming/scripting/shell languages: Python, Java, C, Bash, PowerShell
- Experience with creating regular expressions for use in data cleaning, parsing, validation, and reporting.
- Experience applying security monitoring application data (like firewalls, intrusion detection systems, endpoint protection, etc.) to solve data security gaps to enable analytical use cases and mission execution.
- Experience with data correlation, rules engines, and reporting engines, specifically with creating correlation rule sets, analytical reports, and dashboards to enable threat hunting, threat monitoring, and incident response.
- Familiarity with SIEM and data collection tools like Splunk, Elastic, AT&T USM Anywhere, etc.
- Certifications (any of the following):
  - Microsoft Certified: Security Operations Analyst Associate
  - AWS Certified SysOps Administrator – Associate
  - Azure Security Engineer
  - AWS Certified Security – Specialty