As a member of the stackArmor Cloud Security Operations and Continuous Monitoring team, your work will revolve around monitoring, analyzing, and responding to critical security events within a client's AWS-based hosting environments in compliance with FedRAMP, FISMA/RMF, and CMMC requirements. This includes:
- Understanding common attack patterns and threat profiles using well-known frameworks such as MITRE ATT&CK, among others
- Developing playbooks, algorithms, and incident response processes for preventing, detecting, and responding to security events
- Implementing monitoring, analysis, and response procedures and helping the wider team learn and acquire security analysis and threat hunting skills
As a member of the continuous monitoring and security team, your specific responsibilities in contributing to these deliveries will consist of the following:
- Hardening systems in compliance with DISA STIGs and CIS Benchmarks
- Monitoring AWS-based systems for security events, anomalies, and threats
- Analyzing network traffic, logs, and system events using common industry tools, including but not limited to Palo Alto Networks, Splunk, Burp Suite, custom bots, Tenable Nessus, Trend Micro, and McAfee
- Implementing detection and analysis models for common AWS services including IAM, EC2, EBS, and S3, and for associated security services such as CloudTrail, Security Hub, Config, and CloudWatch
- Developing and activating incident response protocols based on NIST standards, covering response, remediation, and recovery
- Performing threat hunting, proactive modeling, and continuous improvement of detection and response protocols
- Delivering well-written action reports and incident response actions, and assisting with client communications
- Continuous professional development: maintaining industry-specific certifications and building and maintaining a strong depth of knowledge in the practice area
Expected Work Experience
- BS or above in related Information Technology field or equivalent combination of education and experience.
- Deep security monitoring, incident response, and threat hunting experience on cloud services.
- Demonstrated hands-on experience with security tools and technologies as well as industry best practices, e.g. the MITRE ATT&CK framework.
- Effective documentation skills, including technical diagrams and written descriptions.
- Ability to work independently and as part of a team with a professional attitude and demeanor.
- Critical thinking and the ability to balance security requirements with mission needs.
- Ability to work quickly, efficiently, and accurately in a dynamic and fluid environment.
- Enthusiastic about emerging technology, actively participating in the technical community, including contribution to user groups, presentations, and marketing materials.
- Must be a U.S. Citizen and eligible for a Secret clearance.
- Demonstrated experience with advanced security operations in a SOC delivering services in compliance with NIST-based policies, procedures, and plans.
- Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
- Understanding of AWS and other cloud technologies
- Demonstrated experience with and understanding of networks, data flows, permissions, and tools, e.g. TCP/IP, VPNs, firewalls, and Zero-Trust architectures.
- Experience with penetration testing and vulnerability assessments, and with supporting or interacting with Red Teams.
- Ability to assist team members with proper artifact collection and to provide clients with detailed examples of artifacts that satisfy assessment requirements.
- Industry-recognized certifications such as GCIA, GCIH, Network+, Security+, or other related certifications.