L3 Security Specialist

1 day ago


Chennai, India · TOCUMULUS · Full time

Experience Required: 8-12 years in Information Security with minimum 5 years in cloud security and SIEM operations

Cloud Security Management
· Design, implement, and maintain security architectures across Azure and AWS multi-cloud environments
· Lead security assessments, vulnerability management, and penetration testing initiatives
· Architect and enforce security policies, standards, and best practices for cloud infrastructure
· Manage identity and access management (IAM) policies, roles, and permissions across both platforms
· Implement and maintain security monitoring, logging, and SIEM solutions
· Lead incident response activities and conduct root cause analysis for security events

SIEM Operations & Security Monitoring
· Design, deploy, and manage enterprise SIEM platforms (Splunk, Azure Sentinel, IBM QRadar, LogRhythm)
· Develop and optimize correlation rules, alerts, and detection use cases
· Create custom parsers and data connectors for log ingestion from multiple sources
· Implement advanced threat hunting and analytics using SPL, KQL, or similar query languages
· Manage log retention, archival, and compliance requirements
· Integrate SIEM with SOAR platforms for automated incident response
· Tune alert thresholds to minimize false positives while maintaining detection effectiveness
· Generate security metrics, dashboards, and executive-level reports
· Conduct regular health checks and performance optimization of SIEM infrastructure

Major Security Areas

1. Identity & Access Management (IAM)
· Implement least privilege access and role-based access control (RBAC)
· Manage Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM)
· Configure Azure AD, AWS IAM, Okta, and other identity providers
· Implement Just-In-Time (JIT) access and Privileged Identity Management (PIM)
· Conduct access reviews and entitlement management

2. Data Security & Encryption
· Implement data classification and Data Loss Prevention (DLP) solutions
· Manage encryption at rest and in transit across all platforms
· Configure key management systems (KMS) and Hardware Security Modules (HSM)
· Implement database security controls and monitoring
· Design data masking and tokenization strategies

3. Endpoint Security
· Deploy and manage EDR/XDR solutions (CrowdStrike, Microsoft Defender, Carbon Black)
· Implement anti-malware, host-based firewalls, and security agents
· Manage mobile device management (MDM) and endpoint compliance
· Configure application whitelisting and device control policies

4. Vulnerability Management
· Lead enterprise vulnerability assessment programs
· Manage scanning tools (Qualys, Nessus, Rapid7, Tenable)
· Prioritize vulnerabilities using CVSS scoring and business context
· Track remediation efforts and report on security posture
· Conduct regular penetration testing and red team exercises

5. Threat Intelligence & Hunting
· Leverage threat intelligence feeds and platforms (MISP, ThreatConnect, Recorded Future)
· Conduct proactive threat hunting using the MITRE ATT&CK framework
· Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)
· Develop custom threat detection rules and signatures
· Participate in threat intelligence sharing communities

6. Incident Response & Forensics
· Lead security incident response following NIST guidelines
· Conduct digital forensics and malware analysis
· Manage security operations center (SOC) escalations
· Develop and maintain incident response playbooks
· Coordinate with external stakeholders during breaches

7. Cloud Security Posture Management (CSPM)
· Implement CSPM tools (Prisma Cloud, CloudGuard, Azure Security Center)
· Continuously monitor cloud configurations for security risks
· Remediate misconfigurations and security drift
· Enforce cloud security baselines and CIS benchmarks

8. Compliance & Risk Management
· Ensure compliance with ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, NIST, FedRAMP
· Conduct security audits and prepare compliance reports
· Perform risk assessments and develop risk mitigation strategies
· Manage security governance frameworks
· Develop and maintain security documentation, runbooks, and procedures

Required Skills & Expertise

Cloud Platforms
· Azure: Azure Security Center, Microsoft Defender for Cloud, Azure Sentinel, Azure AD, Azure Policy, Azure Firewall, Application Gateway, NSGs, Azure Monitor, Azure Key Vault, Microsoft Defender for Identity
· AWS: AWS Security Hub, GuardDuty, AWS IAM, Security Groups, AWS WAF, CloudTrail, Config, Inspector, Macie, KMS, CloudWatch, Systems Manager, AWS Shield

SIEM & Security Monitoring
· SIEM Platforms: Expert-level proficiency in Splunk Enterprise Security, Azure Sentinel (Microsoft Sentinel), IBM QRadar, LogRhythm, Elastic SIEM
· Query Languages: SPL (Splunk), KQL (Kusto Query Language), SQL for security analytics
· Log Management: Log aggregation, parsing, normalization from diverse sources (Windows, Linux, cloud, network devices, applications)
· Correlation & Analytics: Creating correlation searches, threat detection rules, behavioral analytics
· SOAR Integration: Integration with Security Orchestration and Automated Response platforms (Splunk SOAR, Azure Logic Apps, Palo Alto Cortex XSOAR)
· Threat Detection: Building use cases for the ATT&CK framework, anomaly detection, user behavior analytics (UEBA)

Security Tools & Technologies
· Vulnerability Management: Qualys, Nessus, Rapid7, Tenable, OpenVAS
· EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black, SentinelOne
· CASB: Microsoft Defender for Cloud Apps, Netskope, Zscaler
· DLP: Symantec DLP, Microsoft Purview, Forcepoint
· PAM: CyberArk, BeyondTrust, Thycotic Secret Server
· API Security: Apigee, Kong, AWS API Gateway security

Security Frameworks & Standards
· NIST Cybersecurity Framework (CSF)
· NIST SP 800-53, 800-171
· CIS Benchmarks and Controls
· OWASP Top 10 & OWASP ASVS
· MITRE ATT&CK Framework
· Zero Trust Architecture (NIST SP 800-207)
· Cloud Security Alliance (CSA) Cloud Controls Matrix
· ISO 27001/27002
· PCI-DSS, HIPAA, GDPR, SOC 2

Highly Preferred Certifications:
· Certified Cloud Security Professional (CCSP)
· GIAC Security Essentials (GSEC) or GIAC Certified Incident Handler (GCIH)
· Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)
· Certified Kubernetes Security Specialist (CKS)
