Cloud Security Specialist serves as the primary POC for digital investigations and incident response of our cloud environments. Performs investigations to develop a preliminary diagnosis of the severity of breaches and onsite advanced technical assistance, proactive hunting, supports rapid onsite incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities.

Responsibilities:

• Serve as the subject matter expert for investigations into potential compromise, intrusion, deficiency, significant event, or threat to the security posture and security baseline.
• Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations, responding to and resolving situations caused by network attacks.
• Develop/Establish the sets the minimum baseline skills, knowledge, and abilities required to demonstrate proficiency in your role.
• Participate in a cross-functional team to develop content, dashboards, and tune analytic correlations to reduce false positives and increase actionable alerts for cloud environments.
• Collaborate with MOE-CIRT shift leads, level 2 analysts, and Threat Hunt personnel to ensure that rulesets and alerts provide sufficient coverage of both the cloud and on-premises enclaves.
• Provide cloud security training as directed and mentorship as requested to Security Operations Teams.
• POC for all technical security appliances and solutions in the cloud that support the MOE.

Required Skills:

• Active TS clearance with SCI eligibility
• Must be able to obtain DHS Suitability
• 7-10+ years of experience working in Cybersecurity technical roles
• Experience with a diverse set of SIEM and data collection tools
• Hands-on experience working with SOC/CIRT teams in defining workflows and analytical tools chains for operational efficiency and mission execution.
• +3 Years working in a SOC/CIRT environment.
• Experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
• Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting cloud-based environments.
• Documented experience with MITRE ATT&CK Framework. Ability to assess information of network threats such as scans, computer viruses, or complex attacks. Identify and report on gaps in monitoring and incident response visibility and strategy

Desired Skills:

• Experience with one or more of the following programming/scripting/shell languages: Python, Java, C, Bash, PowerShell
• Experience with creating regular expressions for use in data cleaning, parsing, validation, and reporting.
• Experience applying security monitoring application data (like firewalls, intrusion detection systems, endpoint protection, etc.) to solve data security gaps to enable analytical use cases and mission execution.
• Experience with data correlation, rules engines, and reporting engines, specifically with creating correlation rule sets, analytical reports, and dashboards to enable threat hunting, threat monitoring, and incident response.
• Familiarity with SIEM and data collection tools like Splunk, Elastic, AT&T USM Anywhere, etc.

Required Certification:

• Microsoft Certified: Security Operations Analyst Associate;
• Or AWS Certified SysOps Administrator – Associate

Desired Certifications:

• Azure Security Engineer, AWS Certified Security - Specialty

Powered by JazzHR

eK2c3uT8Ko