Senior Member Technical

4 - 9 years

4 - 9 Lacs

Posted: 1 day ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

  • Improve cloud security posture by driving incident response and application vulnerability management program execution, communicating security risks effectively, developing meaningful action plans, and tracking issues to resolution.
  • Maintain and improve the cloud security control framework in support of corporate-wide programs.
  • Work towards enhancing cloud (AWS/Azure) security posture, which includes risk identification and mitigation.
  • Familiarity with API design, API Gateways.
  • Demonstrated ability to develop CI/CD pipelines with Jenkins and Git. Experience writing infrastructure as code in Terraform.
  • Work towards enhancing cloud (AWS/Azure) security posture, which includes risk identification and mitigation, reviewing JSON policies, etc.
  • Conduct assessments of security controls for new and existing cloud systems.
  • Collaborate with other CF Industries IT stakeholders to continue to evolve and implement a state-of-the-art secure cloud infrastructure.
  • Ownership of moderate to complex incidents that tie to a Financial Services Technology business.
  • Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats and conducting response actions to detect, contain and remediate identified security incidents.
  • Coordinate containment, response, and recovery efforts in accordance with documented procedures.
  • Responsible for handling security incidents reported by vendors, governing bodies, or external security researchers.
  • Research and consume threat intelligence and develop security telemetry/content to improve visibility and detection of potential adversaries and persistence mechanisms.
  • Create and maintain well documented and tested security incident management procedures and run books aligning with industry standard methodologies.
  • Develop and share RCA (Root Cause Analysis) reports to support program development, growth, and continued alignment with threats and threat actors.
  • Provide periodic progress reports and updates to management for ongoing security incidents.
  • Lead Security Incident Tabletop test exercises and perform lessons learned exercises across various internal stakeholders.
  • Conduct advanced threat hunting operations using known adversary tactics, techniques, and procedures to detect adversaries with persistent access to the enterprise; identify and prevent and/or investigate suspicious events through event, pattern, correlation, and behavioral analysis of data from a range of systems and applications.
  • Cultivate awareness and strategic partnerships to ensure timely incident response.
  • Work collaboratively in a follow-the-sun team model.

Qualifications

  • Bachelor of Science degree required. Computer Science or Computer Security Degree preferred.
  • 4+ years of experience in information security incident response and management.
  • Excellent problem-solving and analytical skills.
  • Strong verbal and written communication skills; able to present information in clear, concise terms to all levels in the organization, as well as business partners, vendors, and technical staff.
  • Capable of performing reverse engineering and exploit analysis.
  • Certifications preferred - AWS Certified Security - Specialty or CCSP, GCIH, ECIH.
  • Experience with handling security incidents and investigations in AWS cloud environments.
  • Working with AWS native technologies like AWS VPC, WAF, GuardDuty, Macie, Inspector, S3, CloudTrail, CloudWatch, IAM.
  • Working with Microsoft Defender and investigating security concerns through advanced threat hunting with KQL.
  • Familiarity with security tools and data types used to hunt and investigate security incidents, such as EDR, AV, firewall, and IDS solutions, and SIEM/Splunk or other data/log analysis platforms.
  • Command-line scripting or some coding proficiency (e.g., shell, Python, etc.) to support digital forensics and incident response investigations.
  • Familiarity with MITRE ATT&CK and the Cyber Kill Chain is a plus.
  • Ability to work on a team or independently with minimal supervision to achieve project objectives and meet deadlines.
  • Familiarity with government publications is a plus: National Cyber Incident Response Plan; NIST SP 800-61, Computer Security Incident Handling Guide; NIST SP 800-86, Guide to Applying Forensic Techniques to Incident Response; NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS); NIST SP 800-184, Guide for Cybersecurity Event Recovery.

Broadridge

Financial Services

New York
