Job Title: SIEM and Security Operations Specialist (Cloud-Focused) for a Banking Client
Job Overview:
We are seeking an experienced SIEM and Security Operations Specialist with a strong emphasis on cloud security, particularly in AWS and Azure environments. This role will focus on enhancing the organization’s detection, response, and prevention capabilities within cloud-based infrastructures. The ideal candidate will possess both technical leadership and hands-on development skills, driving innovation in cybersecurity practices.
Key Responsibilities:
Leadership & Development:
- Act as an individual contributor with deep expertise in Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.
- Collaborate with developers and other stakeholders to strengthen security capabilities, guiding teams toward achieving established security objectives.
- Provide mentorship, set goals, and offer feedback to ensure continuous improvement.
AWS Detection Engineering:
- Lead detection engineering initiatives within SIEM/SOAR systems, specifically in AWS.
- Utilize AWS services such as GuardDuty, CloudTrail, CloudWatch, and SecurityHub to ensure strong threat detection and defense of cloud platforms and workloads.
SIEM and SOAR Architecture & Design:
- Architect scalable and efficient SIEM/SOAR solutions, working closely with internal teams including cybersecurity and IT operations.
- Review and adjust architectures regularly to keep pace with evolving security threats and business requirements.
Development & Implementation:
- Assist in developing custom applications aimed at advanced threat detection.
- Integrate multiple data sources, security tools, and threat intelligence to improve detection and response capabilities.
Security Incident Management:
- Develop proactive strategies for threat detection and incident response.
- Collaborate with the Incident Response team to streamline threat-handling procedures and mitigate future risks.
Performance Optimization:
- Continuously monitor and optimize SIEM/SOAR systems to ensure they operate at peak efficiency.
- Implement system upgrades to handle increased data volumes and enhance overall performance.
Compliance and Policy Adherence:
- Ensure compliance with industry regulations and internal security policies regarding SIEM/SOAR systems.
- Collaborate with compliance teams for audits and assessments, ensuring all systems adhere to necessary standards.
Research and Innovation:
- Stay informed on the latest cybersecurity trends and emerging technologies.
- Test and implement new tools, techniques, and detection technologies to enhance cloud security capabilities.
Required Skills & Qualifications:
- SIEM and Security Operations: Minimum of 3 years of experience working with SIEM tools such as Splunk ES, Anvilogic, Palo Alto Cortex, MS Sentinel, and CrowdStrike.
- Cloud Security: Strong experience with cloud environments, including AWS, GCP, and Azure. Expertise in AWS security services like GuardDuty, SecurityHub, and CloudTrail is essential.
- Programming Skills: Proficiency in Python and C++ for developing custom security solutions.
- Wiz Experience: 2+ years of experience with Wiz, a leading cloud security platform.
- Detection and Response: 3+ years of experience with detection and response systems, focusing on threat identification and management.
- Certifications: Preferred certifications in relevant security areas, such as AWS, GCP, or specific SIEM tools.
Preferred Skills:
- Infrastructure as Code (IaC): Experience with tools like CDK, CloudFormation, and Terraform for managing cloud infrastructure.
- Version Control & Agile: Familiarity with Git for source code management and Agile methodologies for team collaboration.
- Strong communication skills to effectively collaborate with technical teams and stakeholders.