2+ years of experience working with industry-standard enterprise offerings from leading cybersecurity platforms such as the Azure security tech stack, PME, Kusto, PBI, Microsoft Defender, etc.
2+ years of experience working with secure SDLC
Preferred Skills:
Industry certifications like Security+, Certified Information Security Manager (CISM)
Experience building automated tooling solutions
Experience with SDLC and Threat modelling
Experience with commercial static and dynamic security scanning tools
Understanding and ability to communicate the techniques, tactics and practices of an attacker to engineers and business stakeholders who are part of a globally dispersed team
Understanding of OSI protocols such as TCP/IP, UDP, HTTP, HTTPS
Experience with assessment, development, implementation, integration, optimization, and documentation of a comprehensive and broad set of security technologies and processes within SaaS, IaaS, PaaS environments
Proven experience with deploying and securing IaaS, PaaS and SaaS solutions using native cloud security controls, as well as familiarity with products and solutions outside of native cloud security controls
Ability to quickly and succinctly architect and create technical solution documentation
Responsibilities:
Deploy monitoring and threat simulation testing for security controls to validate their efficacy, improving on established frameworks
Perform analysis against logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats and detection ideas
Build response workflows and actions that auto-resolve false positives and provide context, scaling our ability to investigate
Support security incident response in a cross-functional environment and drive incident resolution for internal and external threats
Respond to security alerts generated in security tooling, driving the incident response process to completion
Provide advanced security event detection and threat analysis for complex and/or escalated security events
Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions
Create custom alert schema, reports and custom dashboards
Perform monitoring, research, assessment and analysis on all notable security events from a variety of technologies such as firewalls, intrusion detection systems, cloud services, endpoint security and operating system events
Create and follow appropriate pre-defined procedures to further investigate security events and handle escalations to other required personnel as necessary