SOC Cloud Security SME

A Cyber SOC Cloud Security SME - plays a crucial role in safeguarding the organization against cyber threats by designing, enabling and implementing the cloud security and governance processes and technical oversight. Heres a detailed job description for such a role:

Overview:

As a SOC cloud security SME, you will require deep technical expertise in cloud security frameworks, hands-on experience with any security and SIEM tools and the ability to guide enterprise-wide security initiatives. The role will require you to drive our cloud security strategy, architecture, and implementation across multi-cloud environments including but not limited to the management of the security tooling used for exposure management, threat hunting and cloud security posture management across multi-cloud environments. The role requires partnership with multiple groups including SOC, threat intelligence management, exposure management, cloud operations, cloud engineering and architecture teams on related activities, which can include incorporating other intelligence from various sources, assess the relevance, and provide actionable insights to enhance our cybersecurity posture.

Key Responsibilities:

• Technical tools implementation and oversight:

Manage the Cloud Security tools platform, including maintenance of policies, procedures and rule sets. Configure and optimize cloud security tools for CSPM, CWPP, CNAPP, SIEM integration. Provide domain expertise in cloud security and compliance and be a trusted technical advisor. Propose solutions to cloud security and compliance challenges. Recommend cloud security architectures and solutions to meet and exceed security requirements. Define technical control requirements, evaluate existing tool effectiveness, and propose solutions to enhance the companys security posture

• Governance and Compliance:

Ensure compliance with industry standards like SOC 2, ISO 27001, CIS Controls, OWASP, GDPR. Develop security monitoring, alerting, and incident response procedures. Conduct security reviews of cloud deployments and configurations. Maintain security documentation and runbooks. Perform cloud security assessments, code audits and design reviews

• Incident Response and Investigation:

Conduct in-depth investigations into security incidents, anomalies, and breaches, partnering with cloud support, engineering and architecture teams.

• Collaboration and Communication:

Partner with Threat Intelligence and SOC teams to conduct research for identification of new attack vectors. Collaborate with Exposure Management team to facilitate mitigation of vulnerabilities. Collaborate with other infrastructure and application teams, business stakeholders, and management to ensure effective cloud security monitoring and incident response.

Work with architecture and engineering teams in specifying technical requirements to support shared components deployed according to NIST, CIS Controls, OWASP and other applicable security, privacy requirements, frameworks and compliance requirements.

• Documentation and Knowledge Management:

Maintain comprehensive documentation of Cloud security configurations, operational procedures, and security findings for knowledge sharing and audit purposes. Maintain incident response documentation as needed.

Strong understanding of cybersecurity concepts and best practices.

• Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), or other relevant certifications.
• Experience with various public cloud services Using Azure / AWS / GCP strongly preferred.
• Preferable: Experience in CrowdStrike Ecosystem particularly with Falcon platform modules (Endpoint Protection, Cloud Workload Protection, Identity Protection)
• CSPM Tools: Proficiency with CrowdStrike Falcon Cloud Security (preferred) or equivalent platforms (Prisma Cloud, Wiz, Orca Security)
• Infrastructure: Kubernetes, containers, serverless architectures
• Automation: Terraform, CloudFormation, scripting (Python, PowerShell)
• Networking: VPCs, firewalls, load balancers, DNS security
• Identity: IAM, SSO, privileged access management
• Solid understanding of computer and network security including but not limited to cryptography (PKI, certificate management, etc. ), network protocols and relevant work experience in web application security
• Experience with security testing methodologies and tools
• Experience with security tools including SIEM, SOAR, vulnerability scanners, endpoint detection systems.
• Knowledge of various security technologies (e. g. , firewalls, intrusion detection systems, endpoint security).
• Proficiency in scripting languages (e. g. , Python, PowerShell).
• Proven Experience with log analysis and data visualization tools.
• Excellent analytical, problem-solving, and troubleshooting skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team