Staff CyberSecurity Analyst

About The Position

Requirements

• Bachelor’s degree in related field (e.g., Cybersecurity, Computer Science, Computer Engineering, Information Technology, System Analysis, Business, etc.) or equivalent combination of education and work experience.
• 8+ years of experience in IT/network security/cybersecurity with cloud focus.
• Extensive experience in information risk concepts and principles, as a means of relating business needs to security controls.
• Proficiency in advanced cloud security tools, technologies (e.g. CSPM, WAF) and best practices.
• Expertise in network security protocols and practices.
• Strong understanding of cloud security controls, conceptual models, and frameworks to monitor security posture and enhance security features.
• Solid knowledge of current and emerging technologies.
• Proficiency with security frameworks (e.g., NIST, ISO, etc.).
• Experience in DevOps and Agile technology environments.
• Proven experience in working with multiple, diverse technologies and processing environments.
• Native-level proficiency/fluent in English.

Nice To Haves

• Advanced Information Security Certifications, e.g., CISSP, etc.
• Advanced Cloud Certifications and/or specialties, e.g., AWS Security Specialty, AWS Certified Solutions Architect, etc.
• Extensive experience in the development and implementation of cloud security strategies, policies, and procedures.
• Demonstrated problem-solving skills to anticipate, identify, and define problems and root causes.
• Proven ability to manage several projects simultaneously, while balancing multiple stakeholder priorities.
• Ability to educate various personnel regarding information security compliance, policies, and standards.
• Knowledge of containerization technologies, such as Docker and Kubernetes, and how to secure applications within those environments.
• Ability to monitor and report status on security matters to develop security risk analysis scenarios and response procedures.
• Experience with security information and event management (SIEM) systems.
• Knowledge and application of advanced threat detection and mitigation techniques.
• Experience with diagramming tools (e.g. Visio, Miro, draw.io).
• Experience with automation scripting (e.g. Python, PowerShell, Bash)
• Experience with SaaS Security Posture Management (SSPM) platforms.

Responsibilities

• Lead service, system, and infrastructure assessments of major cloud environments to identify deviations from acceptable configurations, or policies.
• Work with internal and external teams to develop cloud-specific security policies, procedures, standards, guardrails and design security controls for IaaS, PaaS, and SaaS.
• Work with developers to respond to escalated problems from System Administrators or other Engineers.
• Maintain comprehensive documentation, understand and practice operating procedures, playbooks and other cloud security-related activities.
• Monitor, track, and mentor on cloud projects, programs, tools, systems, applications and networks for security issues.
• Regularly review Cloud Security Posture Management (CSPM) and Endpoint Protection findings to identify and address infrastructure configuration issues and security vulnerabilities proactively.
• Utilize CSPM solution to monitor and manage the configuration of infrastructure-as-code (IaC) frameworks, ensuring strict adherence to established security standards and policies.
• Collaborate with cross-functional teams to integrate security into the CI/CD pipelines and ensure continuous security throughout the software development lifecycle.
• Implement, manage, and maintain a Web Application Firewall (WAF) to protect web applications and APIs from a variety of online threats.
• Lead security assessments, evaluations and audits to determine compliance with published standards.
• Collaborate with external teams to promptly address and resolve cybersecurity incidents, ensuring effective communication and coordinated response efforts.
• Hypothesize & validate new threats and indicators of compromise.
• Identify cyber threats by monitoring security systems, triaging alerts, and reviewing logs.
• Research, analyze, and document the applicability and feasibility of Cyber technology to enhance SGWS security.
• Ensure all operations are in accordance with operating procedures and report any issues to management.
• Provide guidance on security options and decisions for concerns and violations.
• Develop and support report generation for diverse stakeholders in Excel or other tools.
• Participate in Information Security projects and support team efforts for day-to-day operations.
• Provide technical support for routine security services.
• Perform capacity and future growth planning of the enterprise security infrastructure to ensure a highly available security environment.
• Administer cybersecurity technologies and ensure monitoring systems operate normally, escalating issues to management as needed.
• Troubleshoot and evaluate risk management processes; assess and mitigate risks.
• Apply laws, regulations, policies and ethics in daily practice.
• Occasionally participate in after-hours in the event of emergencies or critical situations.
• Employ strong creative, critical thinking and in-depth hands-on cloud experience to effectively identify, mitigate, and respond to security risks within complex, real-world cloud environments.
• Maintain awareness of emerging cloud threats to proactively defend against evolving attack vectors and ensure a resilient security posture in dynamic cloud environments.
• Advanced knowledge of all cloud security pillars, including Identity and Access Management (IAM), Data Encryption and Protection, Network Security (firewalls), Infrastructure/Workload Protection (virtual machines, containers, and serverless functions), and Incident Response and Recovery.

Benefits

• comprehensive medical and prescription drug coverage
• dental and vision plans
• tax-saving Flexible Spending Accounts
• disability coverage
• life insurance plans
• a 401(k) plan
• tuition assistance
• a wellness program
• parental leave
• vacation accrual
• paid sick leave