Security Operations Center Cloud Engineer

About The Position

Requirements

• 8+ years of related experience in IT and Cyber Security.
• 3+ years of direct experience securing AWS and Azure cloud environments.
• 5+ years of experience working in an operational security environment (e.g., SOC, NOC).
• Bachelor’s degree in Cybersecurity, Computer Science, or related field preferred.
• One or more of the following certifications preferred: AWS Certified Security - Specialty, Azure Security Engineer Associate, GCIH, GCIA, GCFA.
• Experience using SIEM platforms (preferably Splunk) for log ingestion, correlation, and threat detection in cloud environments.
• Strong knowledge of AWS and Azure security services such as GuardDuty, Security Hub, IAM, VPC Flow Logs, Azure Activity Logs, Defender for Cloud, and Sentinel.
• Familiarity with cloud IAM, network configurations, encryption, and resource monitoring in AWS and Azure.
• Hands-on experience with endpoint protection platforms, IDS/IPS, and firewalls in hybrid and cloud networks.
• Scripting skills (e.g., Python, PowerShell, Bash) for automating detections, investigations, or response actions.
• Deep understanding of network protocols such as TCP/IP, HTTP/S, and DNS as they relate to cloud services.
• Detail-oriented with strong analytical skills and the ability to troubleshoot complex security issues.
• Strong problem-solving and analytical skills with attention to detail.
• Ability to work independently and collaboratively in a fast-paced environment.
• Self-starter with strong interpersonal, written and verbal communication skills and the ability to interact with technical and non-technical stakeholders.

Nice To Haves

• Experience with cloud forensic techniques and incident response is a strong plus.
• Exposure to container security, Infrastructure-as-Code (IaC), and CI/CD security best practices in cloud environments is a plus.
• Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect OR Splunk Cloud Certified Admin, Splunk SOAR Certified Automation Developer preferred

Responsibilities

• Collect, monitor, and analyze log sources from AWS and Azure, including CloudTrail, GuardDuty, Security Hub, Azure Activity Logs, Defender for Cloud, and other relevant telemetry sources.
• Ensure AWS and Azure log sources are properly ingested into the SIEM (e.g., Splunk) and normalized for effective detection, alerting, and investigation.
• Design and implement cloud threat detections for activities such as unauthorized access, privilege escalation, lateral movement, and data exfiltration in cloud environments.
• Collaborate with SOC analysts to triage and respond to security alerts and incidents related to AWS and Azure platforms.
• Proactively hunt for threats in AWS and Azure environments using SIEM, native cloud tools, and EDR platforms.
• Develop, document, and automate cloud incident response procedures using SOAR platforms such as Splunk SOAR.
• Work with infrastructure and DevOps teams to improve visibility and security posture across AWS and Azure.
• Stay up to date on new and evolving threats and vulnerabilities targeting cloud platforms and recommend appropriate mitigations.
• Mentor and support junior analysts on cloud detection and response techniques.