Tyto Athene is searching for an enthusiastic Cloud Security Engineer to help their largest Federal client monitor and secure their rapidly expanding cloud footprint against would-be attackers. The successful candidate will be responsible for leading cloud incident response activities, developing monitoring use cases, and ensuring visibility into cloud workloads.
Responsibilities:
- Perform cloud hunting and identify embedded threats effectively and efficiently
- Review and analyze cloud logs to bring relevance and context to the data
- Lead cloud incident response activities as they occur
- Develop a full set of cloud incident response playbooks
- Work with stakeholders to ensure full visibility into workloads running in the cloud
- Ensure all cloud logs are onboarded to the SIEM tool and the correct events are logged
- Develop and implement a full set of monitoring use cases to enable DOJ security tools to immediately and automatically detect cloud threats
- Continuously tune security tools for optimization, i.e., maximum blocking with minimal false positives
- Devise and implement additional KPIs and metrics that help DOJ monitor the overall health of this function
- Ensure and enable DOJ's participation in threat information-sharing initiatives across the USG
- Assist the engineering team with the deployment, configuration, and maintenance of cloud-based SOC tools, technologies, applications, and solutions
- Perform research and lead proof of concept efforts to determine where additional technologies may be necessary
Requirements:
- Able to work normal business hours (core) and occasional/limited on-call hours as requested by the client and/or as required by operational demands (e.g., during major incidents)
- Eight (8) years of cyber security experience, with at least six (6) of those years working as a Cloud Security Engineer in an enterprise SOC environment
- Demonstrated expertise in performing cyber threat hunting activities in cloud environments (SaaS, PaaS, and IaaS, including O365, cloud-hosted SIEM and EDR platforms, and other cloud-based applications) is critically important
- Demonstrated experience leading incident response activities when cloud-based tools and systems are involved
- Experience across all major cloud providers (AWS, Azure, and Google Cloud)
- Bachelor's degree required, or additional relevant experience in lieu of a degree
- Ability to work as an integral part of a high-performing SOC team is required
- Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms
- Understanding of recent cybersecurity policies and mandates such as EO 14028, M-21-31, NSM-8, and their impact on SOC activities
- Advanced-level cloud security certifications are strongly preferred (e.g., AWS Certified Security - Specialty)
- CISSP, GCIH, and similar certifications are a plus