Responsibilities include, but are not limited to:
- Actively investigate alerts related to potentially anomalous behavior/activity.
- Confidently and professionally interview/question users to determine or confirm root cause.
- Communicate effectively with response and business partners.
- Build and monitor Splunk alerting and dashboards.
- Identify areas for further process automation, simplification, and improvement.
- Provide status updates for executives and stakeholders in non-technical terms encompassing risk, impact, containment, remediation, etc.
- Risk management.
- Comprehensively document analysis, investigative activities, actions, etc.
Required Skills/Qualifications:
- 3+ years of experience with cloud information security related activities.
- 3+ years of experience in an operations focused cloud information security role.
- Experience conducting analysis/investigation and containment of potential data breaches or cyber security incidents.
- Ability to analyze data and evaluate relevance to a specific incident under investigation.
- Ability to handle multiple competing priorities in a fast-paced environment; ability to be decisive and take action without causing an undue delay.
- Ability to exercise independent judgment when responding to alerts.
- Ability to communicate effectively across all levels of the organization, to both technical and non-technical audiences.
- Familiarity with security vulnerabilities, exploits, and hacker techniques.
- Familiarity with identity management standards, social engineering TTPs, and the incident response lifecycle.
- Familiarity with Splunk, and the ability to build queries, alerts, dashboards, etc.
- Knowledge of current authentication-based exploits.
- Proven experience presenting findings via written reports and orally to key stakeholders in clear and concise language.
- Supportive and can work well as part of a team as well as independently.
- Can remain calm under pressure.
- Ability to work in a strong team-orientated environment with a sense of urgency and resilience.
- Critical thinking - must be able to think outside the box and develop solutions to accomplish seemingly impossible tasks while remaining risk- and objective-focused.
Desired Skills/Qualifications/Certifications:
Cloud+; AZ-900 (Azure Fundamentals), AZ-500 (Azure Security Engineer Associate), SC-900 (Security, Compliance and Identity Fundamentals); AWS Certified Security Specialty 2024