What a day is like:
- Monitor and support alerts from PagerDuty, Splunk, Imperva, PhishER, hCaptcha, JupiterOne and infrastructure running on AWS
- Identify, contain and resolve cyber security incidents
- Identify security flaws and vulnerabilities
- Develop response procedures for security incidents
- Produce detailed incident reports
- Participate in daily stand-up meetings
- Lead research processes and functional IT teams or projects to solve complex issues
- Support information security audits with technical evidence
- Drive tickets in Jira through different phases until reaching closure
- Solve complex problems, taking a broad perspective to identify innovative solutions
- Contribute to departmental business planning and solution design
- Communicate difficult concepts and negotiate with others to conclude on goal-centric points of view
- Interpret challenges and recommend best practices to improve processes
- Provide resolution support for a wide array of issues that are complex in scope
- Use an expert-level cyber security knowledge base to complete tasks
You’re perfect for this role if you have:
- 8+ years’ experience working with systems deployed on AWS
- 6+ years’ technical experience in Incident Management for AWS Cloud solutions
- 2+ years’ experience with network security, intrusion detection and response, and security information and event management (SIEM)
- 2+ years’ experience using Splunk for Incident Management and processes supported by Identity Management, Phishing handling, On-Call systems, Endpoint Detection and Response, and AWS cloud security tools
- Proven experience in:
  - Incident Management (2+ years)
  - Risk Management techniques (2+ years)
  - Vulnerability Management
  - Web Application Firewalls
  - SOAR playbooks and workflows
- Experience as a subject matter expert or stakeholder
- Previously supported information security audits in any of the following frameworks or regulations: PCI DSS, NIST, ISO 27001
- Experience analyzing threats to cloud and application components (such as findings from Security Assessments)
- Intrinsic understanding of software development life cycles
- Excellent oral and written communication skills
- Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in code or applications
- The ability to work independently and on a team, requesting guidance in complex situations when needed
- Capacity to lead functional teams or projects to solve complex problems and deliver solutions
Preferred Qualifications:
- Familiarity with Java (including npm and Maven), Docker & Kubernetes
- Familiarity with some of the following:
  - SAST (Static Application Security Testing)
  - DAST (Dynamic Application Security Testing)
  - SCA (Software Composition Analysis)
  - SBOM (Software Bill of Materials)
  - Image Scanning
  - IaC (Infrastructure as Code)
  - Threat Modeling
  - Pentesting (Web App, Mobile, External)
  - CSA (Cloud Security Assessment)
Academic Background:
- Not required, but typically holds a BSc or MSc college/university degree in Information Security, Cybersecurity, Computer Science or Software Engineering
- Holds at least one of the following Information Security certifications: CCSP, C|EH, OSCP, GCIH, CISSP, CISA, CISM
- Ideally, holds the AWS Certified Security certification or a comparable certification