
Cyber security engineers

Employer
Rackner
Location
Owings Mills, MD
Closing date
Nov 19, 2019
Rate: 122K a year
Location: Owings Mills, MD
Duration: 6 months+ with potential to become permanent

The Senior Cloud Security Consultant will lead the development and implementation of cloud security event monitoring and correlation architectures within the Cybersecurity Operations Center. The selected candidate should have proven experience and the ability to leverage computer network defense (CND) analyst toolsets to detect and respond to cyber security incidents. This role conducts research and documents threats and their behavior; provides recommendations for threat mitigation strategies; employs effective communication to clearly manage security incident response procedures; and performs routine event reporting, including trend reporting and analysis.

PRINCIPAL ACCOUNTABILITIES

Under the direction of the Manager, CyberSecurity Monitoring, Digital Forensics and Incident Response, the incumbent is responsible for, but is not limited to, the following:

Duties and Responsibilities:
• Development of strategic and tactical cloud security controls
• Implement cloud logging and monitoring components
• Automate cloud forensic processes
• Develop security monitoring use cases for all aspects of cloud components
• Implement appropriate secure cloud connectivity such as transit gateways, transit VPNs, etc.
• Develop and implement Intrusion Prevention technology in a cloud environment
• Dedicated monitoring and analysis of cyber security events
• Audit and review system reports and security logs for unauthorized access, noncompliant activity, or access misuse
• Monitor and escalate incoming security requests and events of interest from different external and internal sources
• Clearly and accurately document observations
• Process incident communications, including initial reporting, follow-ups, requests for information and resolution activity
• Follow standard operating procedures for detecting, classifying, and reporting incidents
• Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting the customer's networks
• Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings

SCOPE DATA

This position supports the overall mission of the CyberSecurity Operations Center, which is to ensure the confidentiality, integrity and availability of protected data stored throughout the enterprise. The incumbent is responsible for assessing the impact of security events on the enterprise and engaging appropriate resources for detailed technical and forensic analysis.

QUALIFICATION REQUIREMENTS

Required Education and Experience:
• Degree or equivalent experience: BA/BS in Information Technology, CyberSecurity, Networking, Security, MIS, Computer Science or related field
• Years of experience: minimum 5 years of demonstrated work experience (additional experience may be substituted for the educational requirement)

Along with the basic qualifications, the candidate will need to have experience in the following areas:
• Cloud Security, Computing and Storage
• Forensics
• Cybersecurity threat detection, monitoring and reporting
• Incident Response
• Cyber Intelligence and Threat Hunting

Specialized training (preferred, but not required): Transitioning, maintaining, or using security technologies such as Security Incident and Event Management (SIEM), endpoint protection, Data Loss Prevention, forensic tools, network anomaly detection, packet capture analysis; incident response principles or a related technical domain applied in the context of a broader understanding of CSIRT and related systems and processes.

Certification requirements (preferred, but not required):
• GCIA (GIAC Certified Intrusion Analyst)
• GCIH (GIAC Certified Incident Handler)
• Or the ability to obtain one certification within 6 months
• AWS Certified Security

Required Skills and Abilities:

Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to communicate effectively.

The incumbent must have a firm understanding of information and/or cyber security principles, and must be able to adapt quickly to a rapidly changing threat landscape in order to correctly scope and prioritize security events. The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.

Required skills:
• Must have 2+ years of AWS hands-on experience
• Experience preventing, detecting, analyzing and responding to threats against sensitive information
• Experience triaging security, network and endpoint forensic analysis, threat hunting and vulnerability escalation
• Experience with security monitoring and reporting tools and conducting security investigations of incidents and events
• Experience with scripting, automation and/or programming: Python, PowerShell, Ansible, other orchestration tools, or equivalent
• Experience analyzing large data sets and log files to find correlations and anomalies
• Experience designing and developing data acquisition pipelines; use of Kafka, ELK, Splunk and Big Data solutions highly preferred
• Ability to utilize native cloud security tools in AWS and Azure to design and implement continuous monitoring solutions
• Must have the ability to script in multiple languages, including Python and AWS

Preferred:
• Cloud Security Detection and Response
• SOAR technology
• ELK stack
• Hands-on experience in a hybrid (AWS/Azure) cloud environment developing and implementing security monitoring solutions

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an associate to perform the essential duties and responsibilities of the position successfully. Requirements may be modified to accommodate individuals with disabilities. The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights of up to 10 pounds are occasionally lifted.