Roles and responsibilities:
- Considered subject matter expert within discipline
- Solves complex problems; takes a broad perspective to identify innovative solutions
- Can either work independently on in teams
- Requests guidance in complex situations or when needed
- Interprets challenges and recommends best practices to improve processes
- Capacity to lead functional teams or projects to solve complex problems and deliver solutions.
- Communicates difficult concepts and negotiates with others to conclude on goalcentric points of view
- Provides resolution support to wide array of issues that are complex in scope.
- Contributes to departmental business planning and solution design
- Uses expert level Cyber Security knowledge base to complete tasks.
- Intrinsic understanding of software development life cycles
- Excellent oral and written communication skills
- Understanding of security by design principles architecture concepts & security frameworks (NIST PCI OWASP etc.)
- Knowledge of current and emerging security technologies threats and techniques for exploiting security vulnerabilities in
- the code or application
Requirements
Requirements:
- 6 years of experience working with systems deployed on AWS
- 4 years of technical experience in Incident Management for AWS Cloud solutions
- 1 years of experience with AWS Incident Detection and Response
- Demonstrated experience using Splunk for Incident Management and processes supported by Okta CIAM PhishER PagerDuty Imperva CrowdStrike AWS Guard Duty Defender for Cloud Apps etc.
- Incident Management (2 years minimum)
- Risk Management techniques (2 years minimum)
- Vulnerability Management
- Web Application Firewalls such as Imperva
- As a subject matter expert or stakeholder has previously supported information security audits in any of the following
- frameworks or regulations: PCI DSS NIST SOC 1 or 2 ISO 27001 SarbanesOxley (SOX) or HITRUST
- Experience in analyzing threats of cloud and application components such as findings from Security Assessments
Nice to have:
- Familiarity with Jira GitHub Okta WordPress Qualys VMDR Jenkins Rancher Terraform Snyk & Contrast
- Familiarity with some of the following concepts:
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
- SCA (Software Composition Analysis)
- SBOM (Software Bill of Materials)
- Image Scanning
- SOAR (Security Orchestration Automation and Response) good if experienced in
- IaC (Infrastructure as Code)
- Threat Modeling
- PenTesting (Web App Mobile External)
- CSA (Cloud Security Assessment)
- Familiarity with Java (including npm and Maven) Docker & Kubernetes
AWS, Incident Management, Imperva, SOAR, IaC, AWS cloud, DAST, SAST, SCA, , C|EH