This job has expired.

AWS CLOUD SECURITY CONSULTANT

Reston, VA (On-site)


SENIOR AWS CLOUD SECURITY CONSULTANT
Owings Mills, MD

ALTA IT Services has two immediate openings for Senior Cloud Security Consultants to support a leading health insurance company in Owings Mills, MD. The positions may be worked on a contract or contract to hire basis, depending on candidate preference.

Individuals selected for hire must pass a pre-employment background investigation.

The Senior Cloud Security Consultant will lead the development and implementation of cloud security event monitoring and correlation architectures within the Cybersecurity Operations Center. The selected candidate should have proven experience using computer network defense (CND) analyst toolsets to detect and respond to cybersecurity incidents. This role researches and documents threats and their behavior; recommends threat mitigation strategies; communicates clearly while managing security incident response procedures; and performs routine event reporting, including trend reporting and analysis.

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Manager, Cybersecurity Monitoring, Digital Forensics and Incident Response, the incumbent is responsible for, but is not limited to, the following:

Duties and Responsibilities:

  • Development of strategic and tactical cloud security controls
  • Implement cloud logging and monitoring components
  • Automate cloud forensic processes
  • Develop security monitoring use cases for all aspects of cloud components
  • Implement appropriate secure cloud connectivity such as transit gateways, transit VPNs, etc.
  • Develop and implement Intrusion Prevention technology in a cloud environment
  • Dedicated monitoring and analysis of cybersecurity events.
  • Audit and review system reports and security logs for unauthorized access, noncompliant activity, or access misuse.
  • Monitor and escalate incoming security requests and events of interest from different external and internal sources
  • Clearly and accurately document observations. Process incident communications to include initial reporting, follow-ups, requests for information and resolution activity.
  • Follow standard operating procedures for detecting, classifying, and reporting incidents.
  • Traffic analysis (at the packet level) and reconstruction of network traffic to identify anomalies, trends, and patterns affecting the customer's networks
  • Analyze firewall logs, full packet capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.

SCOPE DATA:

  • This position supports the overall mission of the Cybersecurity Operations Center, which is to ensure the confidentiality, integrity and availability of protected data stored throughout the enterprise. The incumbent is responsible for assessing the impact of security events on the enterprise and engaging appropriate resources for detailed technical and forensic analysis.

QUALIFICATION REQUIREMENTS

  • Degree or equivalent experience: BA/BS in Information Technology, Cybersecurity, Networking, Security, MIS, Computer Science or related field
  • Minimum 5 years of demonstrated work experience. (Additional experience may be substituted for educational requirement.)

Along with the basic qualifications, the candidate will need to have experience in the following areas:

  • Cloud Security, Computing and Storage
  • Forensics
  • Cybersecurity threat detection, monitoring and reporting
  • Incident Response
  • Cyber Intelligence and Threat Hunting

Specialized training (preferred, but not required):
Transitioning, maintaining, or using security technologies such as Security Information and Event Management (SIEM), endpoint protection, Data Loss Prevention, forensic tools, network anomaly detection, and packet capture analysis; incident response principles or a related technical domain, applied with a broader understanding of CSIRT and related systems and processes.

Certification requirements (preferred, but not required):

  • GCIA (GIAC Certified Intrusion Analyst)
  • GCIH (GIAC Certified Incident Handler) or the ability to obtain one certification within 6 months
  • AWS Certified Security - Specialty

Required Skills and Abilities:

  • Must be able to work effectively in a fast-paced environment with frequently changing priorities, deadlines, and workloads that may stay variable for long periods of time.
  • Must be able to communicate effectively.
  • Firm understanding of information and/or cybersecurity principles.
  • Must be able to adapt quickly to a rapidly changing threat landscape in order to correctly scope and prioritize security events.
  • Must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.

Required skills:

  • Must have 2+ years of AWS hands-on experience.
  • Experience preventing, detecting, analyzing and responding to threats against sensitive information.
  • Experience triaging security, network and endpoint forensic analysis, threat hunting and vulnerability escalation.
  • Experience with security monitoring and reporting tools and conducting security investigations of incidents and events.
  • Experience with scripting, automation and/or programming: Python, PowerShell, Ansible, other orchestration tools, or equivalent.
  • Experience analyzing large data sets and log files to find correlations and anomalies.
  • Experience designing and developing data acquisition pipelines; use of Kafka, ELK, Splunk and big data solutions highly preferred.
  • Ability to use native cloud security tools in AWS and Azure to design and implement continuous monitoring solutions.
  • Must be able to script in multiple languages, including Python, and automate against AWS (for example via the AWS CLI or SDKs).

Preferred:

  • Cloud Security Detection and Response
  • SOAR technology
  • ELK stack
  • Hands-on experience in a hybrid (AWS/Azure) cloud environment developing and implementing security monitoring solutions.

Job Types: Full-time, Contract
