Senior Cloud Security Analyst/Engineer

CMA Consulting•Town of Colonie, NY

4h•Remote

About The Position

Maintain and monitor Network Intrusion Detection/Protection (IDS/IPS) rules. Perform cloud security administration for Firewalls, Endpoint Protection tools, Windows & nix patching tools. SIEM: ability to create and manage cloud alerting events. Experience with AI-enabled enterprise products such as Splunk or LogRhythm desired. Configure or perform security event scanning, detection, and analysis using available tools and platforms. Review, collect, analyze, and correlate malware and security events from network security tools and provide results and recommendations to management. Correlate SIEM events for early warning, alerting, trends and prevention. Analyze event data received to eliminate false positives and identify security events. Conduct trend analysis of security events to identify anomalous malicious activity and related events. Monitor and review cloud-based LDAP/Active Directory accounts. Maintain and update security incident tickets within corporate ITSM. Review and update assigned ITSM security tasks. Open tickets for identified security events and incidents. Manage assigned tickets by working with appropriate staff. Assist with investigations into cloud security intrusions, events, incidents, or suspicious activities. Monitor the cloud network and supporting systems to detect security compromise events. Provide reports and updates to management as needed. Incorporate input from N/SOC staff and external vendor personnel to validate potential cloud events and incidents. Monitor various cyber security threat portals and other credible sources for cyber threat information. Monitor security group mailbox for email alerts and user requests. Provide reports and attend scheduled and ad-hoc meetings as necessary. Provide network and security operations technical analysis, assessment, and recommendations to CMA staff and management as needed. Provide cloud security threat prevention recommendations. Provide enterprise-wide network systems and applications systems security log auditing or audit artifacts as needed. Additional job duties as required.

Requirements

Cloud SIEM familiarity (GCP SCC, Splunk)
BCP/IR
Endpoint detection & response (EDR) tools (Falcon, Symantec)
Cloud Infrastructure security tools (GCP SCC, GCP Cloud Armor, AWS tools, IDS/IPS, FW, DNS)
M365 familiarity (Entra, Azure, Email)
Security control frameworks (NIST, CIS, OWASP, AI RMF)

Nice To Haves

Experience with AI-enabled enterprise products such as Splunk or LogRhythm desired.
CISSP or similar
Applicable cloud vendor certifications

Responsibilities

Maintain and monitor Network Intrusion Detection/Protection (IDS/IPS) rules.
Perform cloud security administration for Firewalls, Endpoint Protection tools, Windows & nix patching tools.
SIEM: ability to create and manage cloud alerting events.
Configure or perform security event scanning, detection, and analysis using available tools and platforms.
Review, collect, analyze, and correlate malware and security events from network security tools and provide results and recommendations to management.
Correlate SIEM events for early warning, alerting, trends and prevention.
Analyze event data received to eliminate false positives and identify security events.
Conduct trend analysis of security events to identify anomalous malicious activity and related events.
Monitor and review cloud-based LDAP/Active Directory accounts.
Maintain and update security incident tickets within corporate ITSM.
Review and update assigned ITSM security tasks.
Open tickets for identified security events and incidents.
Manage assigned tickets by working with appropriate staff.
Assist with investigations into cloud security intrusions, events, incidents, or suspicious activities.
Monitor the cloud network and supporting systems to detect security compromise events.
Provide reports and updates to management as needed.
Incorporate input from N/SOC staff and external vendor personnel to validate potential cloud events and incidents.
Monitor various cyber security threat portals and other credible sources for cyber threat information.
Monitor security group mailbox for email alerts and user requests.
Provide reports and attend scheduled and ad-hoc meetings as necessary.
Provide network and security operations technical analysis, assessment, and recommendations to CMA staff and management as needed.
Provide cloud security threat prevention recommendations.
Provide enterprise-wide network systems and applications systems security log auditing or audit artifacts as needed.
Additional job duties as required.