Requirements

Key Responsibilities:

Cybersecurity Operations:

• 
  Lead investigation and resolution of complex security incidents and breaches, coordinating with L1 and L2 teams as necessary.
• 
  Monitor security tools and platforms (SIEM, EDR, IDS/IPS) to detect threats and mitigate vulnerabilities.
• 
  Perform root-cause analysis for incidents, implementing preventative measures and documenting lessons learned.
• 
  Conduct penetration tests and vulnerability assessments, ensuring remediation plans are implemented effectively.
• 
  Develop and enforce security policies, procedures, and guidelines to protect sensitive data and systems.

Cloud/Infrastructure Security:

• 
  Design and implement robust security controls for cloud platforms (AWS, Azure, GCP) and hybrid environments.
• 
  Manage identity and access management (IAM), ensuring least privilege principles are applied across the infrastructure.
• 
  Conduct regular audits and assessments to validate compliance with security standards and regulations (e.g., GDPR, ISO 27001).
• 
  Protect virtualized environments and containers using tools like Kubernetes security, Docker, or Azure Kubernetes Service (AKS).
• 
  Monitor cloud environments for misconfigurations, unauthorized changes, or suspicious activity using tools like Prisma Cloud, Microsoft Defender for Cloud, or AWS Security Hub.

Threat Intelligence and Response:

• 
  Stay updated on the latest cybersecurity trends, threats, and vulnerabilities to ensure proactive protection measures.
• 
  Collaborate with Threat Intelligence teams to analyze emerging risks and recommend appropriate countermeasures.
• 
  Develop and execute incident response playbooks for cloud and infrastructure-specific scenarios.

Security Automation and Optimization:

• 
  Implement automation solutions to improve detection, response, and remediation times using tools like SOAR platforms (e.g., Splunk Phantom, Palo Alto Cortex XSOAR).
• 
  Optimize security tool performance and conduct regular health checks to ensure systems are running efficiently.
• 
  Drive continuous improvement in operational processes by identifying inefficiencies and proposing enhancements.

Collaboration and Reporting:

• 
  Partner with DevOps, CloudOps, and IT teams to ensure seamless integration of security measures into infrastructure workflows.
• 
  Provide regular security reports and metrics to leadership, highlighting trends, risks, and mitigations.
• 
  Mentor and train junior analysts in advanced security operations and best practices.

Required Skills and Qualifications:

Technical Skills:

• 
  Strong expertise in
  Cybersecurity
  domains: threat hunting, incident response, vulnerability management, and penetration testing.
• 
  Advanced knowledge of
  cloud security tools
  and frameworks for AWS, Azure, and GCP.
• 
  Proficiency with security tools: SIEM (Splunk, QRadar, Sentinel), EDR (CrowdStrike, Carbon Black), IDS/IPS (Snort, Suricata).
• 
  Experience with encryption technologies, firewalls, VPNs, and Zero Trust architectures.
• 
  Proficiency in scripting or programming (Python, Bash, PowerShell) for security automation.

Experience:

• 
  5+ years in cybersecurity or IT security roles, with at least 2 years in cloud/infrastructure security.
• 
  Proven experience in handling L3 escalations for complex security incidents.
• 
  Familiarity with regulatory compliance standards (e.g., NIST, GDPR, PCI DSS, ISO 27001).

Soft Skills:

• 
  Strong analytical and critical thinking skills to resolve complex security challenges.
• 
  Excellent communication skills for cross-functional collaboration and incident reporting.
• 
  Ability to work effectively under pressure and manage multiple priorities.

Preferred Qualifications:

• 
  Certifications:
  CISSP
  ,
  AWS Certified Security - Specialty
  ,
  Microsoft Certified: Security, Compliance, and Identity Fundamentals
  , or
  CCSP
  .
• 
  Experience with DevSecOps practices and CI/CD pipeline security.
• 
  Familiarity with security in containerized environments (Kubernetes, Docker).