• Conducts investigations and responds to internal and external Information security threats.
• Implements advanced security monitoring techniques to identify malicious behavior on SaaS, cloud systems, network, and endpoints.
• Manages, administrates, and improves security monitoring products for DLP, SIEM, EDR, Cloud Security products, IDS and other security technologies.
• Develops automation response scripts to remediate threats.
• Performs threat hunting activities to identify compromised resources.
• Performs threat research and intelligence gathering to improve detection and response capabilities.
• Maintains operational playbooks, process diagrams and documentation for security monitoring and response.
• Reviews proposed Security deployments to ensure security monitoring requirements are met.
• Provides off-hour support as needed for security monitoring and response activities.
• Experience leveraging common scripting languages, including PowerShell or Python, to parse logs and automate repeatable tasks

 Incident Response

• Works closely with MDR services, external forensic providers, and in house IT teams to respond to and remediate security incidents both internal and external.
• Reviews compromised systems to identify root cause of security incidents and takes remediation actions
• Research new TTPs (tactics, techniques, and procedures) that threat actors are utilizing to undermine enterprise IT environments.
• Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable swift remediation.
• Plans, implements, and documents incident handling and response tasks and procedures.

Emerging Threats Monitoring:

• Obtains information and stays up to date on the latest threats and security trends in a fast and efficient way to keep the enterprise environment protected.
• Assists in the investigation and resolution of security issues.

• Works with business units to identify system vulnerabilities, performing hands-on cloud security risk assessments and managing remediation efforts where necessary.
• Work closely with application development teams to ensure the secure deployment and maintenance of cloud applications and infrastructure.
• Anticipates security threats and potential weaknesses in the existing cloud/software-as-a-service (SaaS) structure and helps create new technologies, processes, and systems to solve cloud security risk problems.
• Researches and creates a comprehensive strategy for cloud-native security (i.e., data classification and categorization; data segmentation; server access control; resources-based access control and access control lists; user identity access management and attestation; data-at-rest encryption; data-in-transit encryption; encryption key management, logging, auditing, and anomaly detection; and role-based access control).
• Assists in the integration of development pipelines with secure configuration parameters to remove or reduce known threat vectors and vulnerabilities in infrastructure-as-code (IaC) and continuous integration/continuous delivery (CI/CD) build configurations and release automation.
• Supports and administers an enterprise-wide cloud access security broker, security web gateway solutions, cloud management platforms, and cloud governance solutions, serving as the subject matter expert for these technologies.
• Deploys strong identity and access management controls, including cloud infrastructure entitlement management across application and cloud computing environments.