L3 Security Specialist - Cloud Security & DevOps

Experience Required

8-12 years in Information Security with minimum 5 years in cloud security and SIEM operations

Cloud Security Management

· Design, implement, and maintain security architectures across Azure and AWS multi-cloud environments

· Lead security assessments, vulnerability management, and penetration testing initiatives

· Architect and enforce security policies, standards, and best practices for cloud infrastructure

· Manage identity and access management (IAM) policies, roles, and permissions across both platforms

· Implement and maintain security monitoring, logging, and SIEM solutions

· Lead incident response activities and conduct root cause analysis for security events

SIEM Operations & Security Monitoring

· Design, deploy, and manage enterprise SIEM platforms (Splunk, Azure Sentinel, IBM QRadar, LogRhythm)

· Develop and optimize correlation rules, alerts, and detection use cases

· Create custom parsers and data connectors for log ingestion from multiple sources

· Implement advanced threat hunting and analytics using SPL, KQL, or similar query languages

· Manage log retention, archival, and compliance requirements

· Integrate SIEM with SOAR platforms for automated incident response

· Tune alert thresholds to minimize false positives while maintaining detection effectiveness

· Generate security metrics, dashboards, and executive-level reports

· Conduct regular health checks and performance optimization of SIEM infrastructure

Major Security Areas

1. Identity & Access Management (IAM)

· Implement least privilege access and role-based access control (RBAC)

· Manage Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM)

· Configure Azure AD, AWS IAM, Okta, and other identity providers

· Implement Just-In-Time (JIT) access and Privileged Identity Management (PIM)

· Conduct access reviews and entitlement management

2. Data Security & Encryption

· Implement data classification and Data Loss Prevention (DLP) solutions

· Manage encryption at rest and in transit across all platforms

· Configure key management systems (KMS) and Hardware Security Modules (HSM)

· Implement database security controls and monitoring

· Design data masking and tokenization strategies

3. Endpoint Security

· Deploy and manage EDR/XDR solutions (CrowdStrike, Microsoft Defender, Carbon Black)

· Implement anti-malware, host-based firewalls, and security agents

· Manage mobile device management (MDM) and endpoint compliance

· Configure application whitelisting and device control policies

4. Vulnerability Management

· Lead enterprise vulnerability assessment programs

· Manage scanning tools (Qualys, Nessus, Rapid7, Tenable)

· Prioritize vulnerabilities using CVSS scoring and business context

· Track remediation efforts and report on security posture

· Conduct regular penetration testing and red team exercises

5. Threat Intelligence & Hunting

· Leverage threat intelligence feeds and platforms (MISP, ThreatConnect, Recorded Future)

· Conduct proactive threat hunting using MITRE ATT&CK framework

· Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)

· Develop custom threat detection rules and signatures

· Participate in threat intelligence sharing communities

6. Incident Response & Forensics

· Lead security incident response following NIST guidelines

· Conduct digital forensics and malware analysis

· Manage security operations center (SOC) escalations

· Develop and maintain incident response playbooks

· Coordinate with external stakeholders during breaches

7. Cloud Security Posture Management (CSPM)

· Implement CSPM tools (Prisma Cloud, CloudGuard, Azure Security Center)

· Continuously monitor cloud configurations for security risks

· Remediate misconfigurations and security drift

· Enforce cloud security baselines and CIS benchmarks

8. Compliance & Risk Management

· Ensure compliance with ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, NIST, FedRAMP

· Conduct security audits and prepare compliance reports

· Perform risk assessments and develop risk mitigation strategies

· Manage security governance frameworks

· Develop and maintain security documentation, runbooks, and procedures

Required Skills & Expertise

Cloud Platforms

· Azure: Azure Security Center, Microsoft Defender for Cloud, Azure Sentinel, Azure AD, Azure Policy, Azure Firewall, Application Gateway, NSGs, Azure Monitor, Azure Key Vault, Microsoft Defender for Identity

· AWS: AWS Security Hub, GuardDuty, AWS IAM, Security Groups, AWS WAF, CloudTrail, Config, Inspector, Macie, KMS, CloudWatch, Systems Manager, AWS Shield

SIEM & Security Monitoring

· SIEM Platforms: Expert-level proficiency in Splunk Enterprise Security, Azure Sentinel (Microsoft Sentinel), IBM QRadar, LogRhythm, Elastic SIEM

· Query Languages: SPL (Splunk), KQL (Kusto Query Language), SQL for security analytics

· Log Management: Log aggregation, parsing, normalization from diverse sources (Windows, Linux, cloud, network devices, applications)

· Correlation & Analytics: Creating correlation searches, threat detection rules, behavioral analytics

· SOAR Integration: Integration with Security Orchestration and Automated Response platforms (Splunk SOAR, Azure Logic Apps, Palo Alto Cortex XSOAR)

· Threat Detection: Building use cases for ATT&CK framework, anomaly detection, user behavior analytics (UEBA)

Security Tools & Technologies

· Vulnerability Management: Qualys, Nessus, Rapid7, Tenable, OpenVAS

· EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black, SentinelOne

· CASB: Microsoft Defender for Cloud Apps, Netskope, Zscaler

· DLP: Symantec DLP, Microsoft Purview, Forcepoint

· PAM: CyberArk, BeyondTrust, Thycotic Secret Server

· API Security: Apigee, Kong, AWS API Gateway security

Security Frameworks & Standards

· NIST Cybersecurity Framework (CSF)

· NIST SP 800-53, 800-171

· CIS Benchmarks and Controls

· OWASP Top 10 & OWASP ASVS

· MITRE ATT&CK Framework

· Zero Trust Architecture (NIST SP 800-207)

· Cloud Security Alliance (CSA) Cloud Controls Matrix

· ISO 27001/27002

· PCI-DSS, HIPAA, GDPR, SOC 2

Highly Preferred certifications:

· Certified Cloud Security Professional (CCSP)

· GIAC Security Essentials (GSEC) or GIAC Certified Incident Handler (GCIH)

· Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)

· Certified Kubernetes Security Specialist (CKS)