VP- SOC, CLOUD INCIDENT RESPONDER

Job Description

Cloud Incident Response Team seeks a highly skilled and experienced cloud incident response practitioner to support critical efforts aimed at protecting public cloud infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the cloud incident response team. You will be assigned to client SOC and will collaborate closely with a talented cadre of cloud security specialists and cloud incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing security posture. As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in public cloud environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same. 

Responsibilities:

• Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud.


• Execution of cloud-native automation to run containment actions on cloud resources based on sources of compromise and/or malicious activities taking place.


• Execution of automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations.


• Host-based analytical functions (e.g. digital forensics, metadata, etc.) through investigating cloud-native workloads to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).


• Detailed cloud focused investigations by analyzing relevant logs such as Cloud Trail, VPC Flow, Cloud Watch, etc. based on alerts generated by detective controls and cloud-native services such as Guard Duty.


• Develop, document and maintain operationally effective playbooks to deal with cloud based incidents.


• Work with application and infrastructure stakeholders to identify key components and information sources such as cloud environments, instances, middleware, applications, databases, logs, etc.


• Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.


• Document and present investigative findings for high profile events and other incidents of interest.


• Participate in readiness exercises such as purple team, table tops, etc.


• Train junior colleagues on relevant best practices.


• Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets requirements or industry best practices.


• Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies.


• Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions.


• Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures.


• Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response.


• Disseminate changes to IS regulations and standards to Business and Program owners.


• Provide Information Security advice and counsel as needed.

Qualifications:

• 5+ years of professional experience in cloud security and/or information security, or demonstrated equivalent capability.


• 2+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.


• Demonstrated ability to research and apply current information regarding the IS field.


• Experience in Cloud Forensics/IR


• Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services.


• Hands-on experience with analyzing and pivoting through large data sets.


• Prior experience with common security-focused cloud services on Amazon Web Services and Google Cloud Platform.


• Hands-on experience with cyber security, forensic investigations or large scale incident response in cloud environments.


• Experience with container orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g. Docker, Kubernetes). 


• GCP Professional Architect and/or Professional Cloud Security Engineer.


• Certified Kubernetes Administrator and /or Security Specialist.


• AWS Solutions Architect - Professional and/or AWS Security Specialty


• Windows Operating Systems / UNIX specifically in command line use and basic file system knowledge.


• Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.).

Education:

• Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc. or equivalent experience.


• Master’s degree preferred