Senior Cloud Security Analyst – Amazon Store

About Us: 

AdNet/AccountNet, Inc. is an 8(a), WOSB, LGBTE, and WBE owned management consulting firm founded in 1990. We blend the best in people with the ongoing demands of the workplace by providing high-quality staffing and executive search services.

All applicants for this position must be DC-based - no exceptions.

IT Department Overview
Our mission is to collaborate and deliver secure, stable, and reliable IT solutions that meet organizational needs, with a focus on high-end user satisfaction and cost-effectiveness. The IT Department is a dedicated team of collaborative professionals committed to providing world-class support and driving innovation for a primarily U.S.-based staff. We leverage modern and, in some cases, cutting-edge tools and technologies to support our mission.

Position Summary: Senior Cloud Security Analyst
The Senior Cloud Security Analyst plays a key role in advancing the organization's cybersecurity initiatives. This individual will lead and contribute to multiple security-focused projects, working closely with the broader IT team to assess and strengthen the organization's cloud security posture. Responsibilities include identifying and remediating configuration vulnerabilities across cloud platforms, infrastructure, and services.

The role also involves enhancing the organization's advanced threat detection and incident response capabilities through real-time intelligence, threat research, automation, and innovative solutions. In addition, the analyst will support projects related to the organizations compliance with the NIST Cybersecurity Framework (CSF), including risk mitigation efforts. This position may also include special project management responsibilities as assigned.

Reports To: Director of Cybersecurity

Qualifications/Skills:

The candidate must possess the following skills and educational achievements:

• Must be a strategic thinker, able to understand and act upon the organization's objectives.
• Excellent verbal and written communication skills.
• Strong problem solving and research skills.
• Event analysis expertise leveraging Security Information and Event Managment (SIEM) and cloud native tools.
• Incident investigation and response expertise, including the ability to interpret cloud platform alerts and events and parse through logs and analyze log data.
• Knowledge of current threat landscape, including knowledge of malware operation and indicators.
• Deep understanding of identity management and access security for cloud environments.
• Security and architecture experience with AWS, Azure, M365, and SaaS platforms with expertise in one or more platforms.
• Familiarity with cybersecurity standards and frameworks, and knowledge of audit requirements (e.g., NIST, PCI, HIPPA, etc.)
• Undergraduate or Master's Degree in Cybersecurity or related field or commensurate experience.
• Certification of one or more of the following, preferred: ISC2 CCSP, AWS Certified Security Specialty, MS Certified Azure Engineer Associate.
• 5+ years' experience in cybersecurity.
• Able to identify, select, track, and report on security metrics.

Detailed Duties:

• Proactively hunt for abnormal configuration, permissions, workloads, user behaviors or other indicators of compromise.
• Identify and respond to cyber threats occurring within the company's cloud environments.
• Enhance security monitoring, alerting and automated response capabilities and improve existing threat hunting capabilities that align with the global direction.
• Monitor, investigate and analyze logs and security-related events utilizing existing tools in the environment. Improve the meaningfulness of alerts and reduce the instances of false positives by calibrating the alert thresholds.
• Creating and maintaining playbooks and automated response capabilities.
• Stay up to date with current threat actors and the TTPs used by actively researching emerging Indicators of Compromise/Attack, exploits and vulnerabilities with the intent of operationalizing findings to better protect our networks.
• Fulfill responsibilities as it relates to POAMs generated from risk assessments.
• Lead time-sensitive projects tied to risk remediations, including ensuring completion of such projects per agreed upon schedule.