Cloud Security Specialist - Remote
- Posted: over a month ago
Remote is an option. The Cloud Security Specialist serves as the primary point of contact (POC) for digital investigations and incident response in our cloud environments.
Performs investigations to develop a preliminary diagnosis of the severity of breaches; provides onsite advanced technical assistance and proactive hunting; supports rapid onsite incident response; and carries out immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities.
This position requires a minimum of a USG Secret Security Clearance!
- Serve as the subject matter expert for investigations into potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline.
- Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations, responding to and resolving situations caused by network attacks.
- Develop and establish the minimum baseline skills, knowledge, and abilities required to demonstrate proficiency in the role.
- Participate in a cross-functional team to develop content and dashboards and to tune analytic correlations, reducing false positives and increasing actionable alerts for cloud environments.
- Collaborate with MOE-CIRT shift leads, level 2 analysts, and Threat Hunt personnel to ensure that rulesets and alerts provide sufficient coverage of both the cloud and on-premises enclaves.
- Provide cloud security training as directed and mentorship as requested to Security Operations Teams.
- POC for all technical security appliances and solutions in the cloud that support the MOE.
- U.S. Citizenship
- Active Secret clearance
- Must be able to obtain DHS Suitability
- 7-10+ years of experience working in Cybersecurity technical roles
- Experience with a diverse set of SIEM and data collection tools
- Hands-on experience working with SOC/CIRT teams in defining workflows and analytical tool chains for operational efficiency and mission execution.
- 3+ years working in a SOC/CIRT environment.
- Experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
- Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting cloud-based environments.
- Documented experience with the MITRE ATT&CK Framework.
- Ability to assess information on network threats such as scans, computer viruses or complex attacks.
- Identify and report on gaps in monitoring and incident response visibility and strategy.
Desired Skills:
- Experience with one or more of the following programming/scripting/shell languages: Python, Java, C, Bash, PowerShell
- Experience with creating regular expressions for use in data cleaning, parsing, validation, and reporting.
- Experience applying security monitoring application data (from firewalls, intrusion detection systems, endpoint protection, etc.) to close data security gaps and enable analytical use cases and mission execution.
- Experience with data correlation, rules engines and reporting engines, specifically with creating correlation rule sets, analytical reports, and dashboards to enable threat hunting, threat monitoring, and incident response.
- Familiarity with SIEM and data collection tools like Splunk, Elastic, AT&T USM Anywhere, etc.
- Required Certification: Microsoft Certified: Security Operations Analyst Associate; or AWS Certified SysOps Administrator - Associate
- Desired Certifications: Azure Security Engineer, AWS Certified Security - Specialty
Job Posted by ApplicantPro
Argo Cyber Systems