Cloud Security Incident Responder

• Lead and/or support in-depth triage and investigations of assigned cyber incidents in cloud
• Perform incident response functions including cloud-focused investigations by analyzing logs
• Execution of automation to gather forensic artifacts for in-depth analysis
• Execution of cloud-native automation to run resource containment actions
• Conduct host-based analytical functions to uncover Indicators of Compromise
• Documentation of investigation analysis
• Develop, document and maintain operationally effective playbooks to deal with cloud-based incidents
• Take ownership for and drive the development of new automation capabilities
• Work with application and infrastructure stakeholders to identify key components and information sources
• Collaborate with global multidisciplinary groups for triaging and investigating large-scale security incidents
• Build and nurture key stakeholder relationships
• Actively participate in Threat modeling of new services/capabilities, readiness exercises

• Strong technical expertise in relevant Cloud security tools and technologies (e.g. EDR, SIEM, Container security, SSPM, CNAPP, etc.)
• Solid team player with the ability to work in multi-disciplinary team of teams with DevSecOps practitioners
• Exceptional communication and presentation skills to convey complex technical matters to senior security stakeholders and leadership
• Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills
• Deep knowledge of public cloud services used in modern cloud-native containerized applications
• Advanced proficiency with cloud security focused services such as Guard Duty, SCC, IAM, etc.
• Hands-on experience with CI/CD methodologies and tools that support modern deployment practices into public cloud
• Proficient with public cloud services focused on automation such as SSM, Lambda, Cloud Functions, etc.
• Experience with various log aggregation/data analytics tools, such as Splunk, Sentinel, etc.
• Familiarity with security constructs of SaaS and PaaS offerings such as Snowflake, MongoDB
• Windows Operating Systems / UNIX specifically in command line use and basic file system knowledge
• Industry-accredited certifications required (e.g., AWS Security Specialty, GCP Professional Security Engineer, CKA/CKS, SC-200, SC-400, AZ-500)

Prior experience of using security-oriented tools such as Aquasec, Twistlock, Wiz, Lacework, AppOmni, etc.

• Cafeteria Program
• Home Office Allowance
• Paid Parental Leave Program (maternity and paternity leave)
• Private Medical Care Program and onsite medical rooms
• Pension Plan Contribution to voluntary pension fund
• Group Life Insurance
• Employee Assistance Program
• Access to learning and development programs
• Flexible work arrangements
• Career progression opportunities across geographies and business lines
• Socially active employee communities with diverse networking opportunities