Responsibilities
- Lead and support in-depth triage and investigations of urgent cyber incidents and remediation in Cloud
- Facilitate Cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
- Utilize automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations
- Take ownership of Cloud incidents and drive them to conclusion while documenting investigation analysis objectively capturing the Who, What, When, Where, Why and How as related to the incident
- Develop, document and maintain operationally effective playbooks to deal with Cloud-based incidents
- Perform Cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope
- Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
- Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed
- Own and drive the development of new automation capabilities and supporting playbooks as per assigned domains within Cloud
- Actively participate in Threat modelling of new services/capabilities, readiness exercises such as purple team, tabletops, CTF’s etc.
- Stay curious, current and up to date with the evolving landscape of threat activities, cybersecurity best practices, and newer Cloud services/capabilities
Qualifications
- 4+ years' hands-on experience in Cloud Security owning security incident remediation with at least 2 years' experience working in Cyber Incident Response and Investigations in enterprise environments with Cloud and Forensics components
- Hands-on DevSecOps experience with Cloud environments and underlying storage, compute, monitoring and security-oriented services
- Hands-on experience with analyzing and pivoting through large data sets of logs
- Prior experience with common security-focused Cloud services on one or more CSPs, i.e. AWS, GCP, Azure/M365
- Experience with Container Orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g., Docker, Kubernetes)
- Linux/UNIX OS specifically in command line (CLI) use and basic file system knowledge
- Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
- Proficient in basic scripting and automation of tasks (e.g., PowerShell, Python, CloudFormation, SSM Automation etc.)
- Strong working knowledge of Networking Protocols and Cloud Infrastructure Designs including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
- Must have flexibility to work outside of normal business hours when necessary
Education
- Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
1 of more of the following Certifications is highly preferred:
- AWS Certified Solutions Architect - Professional
- AWS Certified Security - Specialty
- GCP Professional Architect
- GCP Professional Cloud Security Engineer
- Certified Kubernetes Security Specialist
- SC-400 Information Protection and Compliance Administrator Associate
- SC-200 Security Operations Analyst Associate
- AZ-500 Azure Security Engineer Associate
- MS-500 Microsoft 365 Certified: Security Administrator Associate
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Information SecurityFull timeIrving Texas United States$125,760.00 - $188,640.00
Anticipated Posting Close Date:
Dec 03, 2024View the " " poster. View the .
View the .
View the