Cloud Security Operations Analyst (REMOTE)

About The Position

Requirements

• Deep expertise in AWS, Azure, GCP, and OCI cloud security services.
• Hands-on experience with CNAPP platforms (e.g., Wiz, Prisma Cloud, Orca).
• Proficiency in threat detection rule creation, tuning and alert response leveraging tools such as CrowdStrike, Wiz Defend, AWS GuardDuty, etc. Respond to Kubernetes and Cloud Container threat alerts (e.g., unusual API invocations) and tune detection rules accordingly
• Strong knowledge of SIEM/SOAR platforms (e.g., Splunk, Sentinel, Elastic, Tines).
• Experience in cloud forensics and incident response workflows.
• Familiarity with infrastructure-as-code (IaC) tools (Terraform, CloudFormation).
• Strong analytical, investigative, and documentation skills.
• Excellent communication and leadership abilities.
• 7+ years' experience in a cyber security, cyber investigations, cyber threat intelligence, or combination of these three roles.
• Undergraduate degree in technical discipline, Computer Science or related field required.

Nice To Haves

• Graduate degree preferred.
• CISSP, AWS Cloud Practitioner, AWS Certified Security - Specialty, or other cloud specific certifications preferred.
• Automation and scripting for WAF operations.
• Machine Learning and behavioral analytics for traffic anomalies.

Responsibilities

• Threat Detection & Investigation Deploy and optimize cloud-native and third-party threat detection platforms (e.g., AWS GuardDuty, Azure Defender, GCP SCC). Investigate alerts using telemetry, behavioral analytics, and AI/ML-based anomaly detection. Align detection logic with MITRE ATT&CK and CSA CCM frameworks
• Rule Creation & CNAPP Integration Author and tune detection rules leveraging CNAPP platforms (e.g., Wiz, Prisma Cloud, Orca). Integrate CNAPP telemetry into SIEM/SOAR workflows for automated response Monitoring and manage security configurations for cloud services in a multi-cloud environment.
• Mitigation Strategy Development Design and implement dynamic playbooks for threat containment and remediation. Collaborate with DevOps and product teams to embed security controls into CI/CD pipelines. Exposure to cloud security guardrail automation, such as AWS SCP and Azure Policies.
• Incident Response & Forensics Lead incident triage and root cause analysis across cloud environments. Conduct forensic investigations using cloud-native tools and third-party platforms. Document findings and contribute to post-incident reviews and continuous improvement
• Security Architecture & Governance Provide guidance on secure cloud architecture, access controls, and data protection. Firm understanding of cloud security best practices and cloud well architected frameworks. Ensure compliance with SOX, GDPR, and internal governance policies