L3 Security Specialist

Experience Required 8-12 years in Information Security with minimum 5 years in cloud security and SIEM operationsCloud Security Management· Design, implement, and maintain security architectures across Azure and AWS multi-cloud environments· Lead security assessments, vulnerability management, and penetration testing initiatives· Architect and enforce security policies, standards, and best practices for cloud infrastructure· Manage identity and access management (IAM) policies, roles, and permissions across both platforms· Implement and maintain security monitoring, logging, and SIEM solutions· Lead incident response activities and conduct root cause analysis for security eventsSIEM Operations & Security Monitoring· Design, deploy, and manage enterprise SIEM platforms (Splunk, Azure Sentinel, IBM QRadar, LogRhythm)· Develop and optimize correlation rules, alerts, and detection use cases· Create custom parsers and data connectors for log ingestion from multiple sources· Implement advanced threat hunting and analytics using SPL, KQL, or similar query languages· Manage log retention, archival, and compliance requirements· Integrate SIEM with SOAR platforms for automated incident response· Tune alert thresholds to minimize false positives while maintaining detection effectiveness· Generate security metrics, dashboards, and executive-level reports· Conduct regular health checks and performance optimization of SIEM infrastructureMajor Security Areas1. Identity & Access Management (IAM)· Implement least privilege access and role-based access control (RBAC)· Manage Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM)· Configure Azure AD, AWS IAM, Okta, and other identity providers· Implement Just-In-Time (JIT) access and Privileged Identity Management (PIM)· Conduct access reviews and entitlement management2. Data Security & Encryption· Implement data classification and Data Loss Prevention (DLP) solutions· Manage encryption at rest and in transit across all platforms· Configure key management systems (KMS) and Hardware Security Modules (HSM)· Implement database security controls and monitoring· Design data masking and tokenization strategies3. Endpoint Security· Deploy and manage EDR/XDR solutions (CrowdStrike, Microsoft Defender, Carbon Black)· Implement anti-malware, host-based firewalls, and security agents· Manage mobile device management (MDM) and endpoint compliance· Configure application whitelisting and device control policies4. Vulnerability Management· Lead enterprise vulnerability assessment programs· Manage scanning tools (Qualys, Nessus, Rapid7, Tenable)· Prioritize vulnerabilities using CVSS scoring and business context· Track remediation efforts and report on security posture· Conduct regular penetration testing and red team exercises5. Threat Intelligence & Hunting· Leverage threat intelligence feeds and platforms (MISP, ThreatConnect, Recorded Future)· Conduct proactive threat hunting using MITRE ATT&CK framework· Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)· Develop custom threat detection rules and signatures· Participate in threat intelligence sharing communities6. Incident Response & Forensics· Lead security incident response following NIST guidelines· Conduct digital forensics and malware analysis· Manage security operations center (SOC) escalations· Develop and maintain incident response playbooks· Coordinate with external stakeholders during breaches7. Cloud Security Posture Management (CSPM)· Implement CSPM tools (Prisma Cloud, CloudGuard, Azure Security Center)· Continuously monitor cloud configurations for security risks· Remediate misconfigurations and security drift· Enforce cloud security baselines and CIS benchmarks8. Compliance & Risk Management· Ensure compliance with ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, NIST, FedRAMP· Conduct security audits and prepare compliance reports· Perform risk assessments and develop risk mitigation strategies· Manage security governance frameworks· Develop and maintain security documentation, runbooks, and proceduresRequired Skills & ExpertiseCloud Platforms· Azure: Azure Security Center, Microsoft Defender for Cloud, Azure Sentinel, Azure AD, Azure Policy, Azure Firewall, Application Gateway, NSGs, Azure Monitor, Azure Key Vault, Microsoft Defender for Identity· AWS: AWS Security Hub, GuardDuty, AWS IAM, Security Groups, AWS WAF, CloudTrail, Config, Inspector, Macie, KMS, CloudWatch, Systems Manager, AWS ShieldSIEM & Security Monitoring· SIEM Platforms: Expert-level proficiency in Splunk Enterprise Security, Azure Sentinel (Microsoft Sentinel), IBM QRadar, LogRhythm, Elastic SIEM· Query Languages: SPL (Splunk), KQL (Kusto Query Language), SQL for security analytics· Log Management: Log aggregation, parsing, normalization from diverse sources (Windows, Linux, cloud, network devices, applications)· Correlation & Analytics: Creating correlation searches, threat detection rules, behavioral analytics· SOAR Integration: Integration with Security Orchestration and Automated Response platforms (Splunk SOAR, Azure Logic Apps, Palo Alto Cortex XSOAR)· Threat Detection: Building use cases for ATT&CK framework, anomaly detection, user behavior analytics (UEBA)Security Tools & Technologies· Vulnerability Management: Qualys, Nessus, Rapid7, Tenable, OpenVAS· EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black, SentinelOne· CASB: Microsoft Defender for Cloud Apps, Netskope, Zscaler· DLP: Symantec DLP, Microsoft Purview, Forcepoint· PAM: CyberArk, BeyondTrust, Thycotic Secret Server· API Security: Apigee, Kong, AWS API Gateway securitySecurity Frameworks & Standards· NIST Cybersecurity Framework (CSF)· NIST SP 800-53, 800-171· CIS Benchmarks and Controls· OWASP Top 10 & OWASP ASVS· MITRE ATT&CK Framework· Zero Trust Architecture (NIST SP 800-207)· Cloud Security Alliance (CSA) Cloud Controls Matrix· ISO 27001/27002· PCI-DSS, HIPAA, GDPR, SOC 2Highly Preferred certifications:· Certified Cloud Security Professional (CCSP)· GIAC Security Essentials (GSEC) or GIAC Certified Incident Handler (GCIH)· Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)· Certified Kubernetes Security Specialist (CKS)