Overview
Skills
Job Details
CISSP, GIAC or other security certifications preferred .
Job Title :: Cloud Security analyst
Client :: Network Product based
Location :: Cary, NC (Onsite)
Mode of Interview :: Pre-screening & 2rounds of interview with client
Job requirements
IT Security Analyst
Cloud Security Analyst
Reporting to the IT Security Manager, the IT Security Analyst is a position based in North Carolina.
Responsibilities:
Hands on experience on security testing tools, such as Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Qualys, Web Inspect or other tools included within the Kali Linux distribution
Handling support of PC and Mac based users with security related problems
Experience in security assessment activities within a client s environment, emphasizing manual stealthy testing techniques using commercially / freely available offensive security tools and utilities built into operating systems.
Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
Good understanding of cloud technologies and its security best practices
Handling security incidents as reported by individuals and automated systems on laptops and mobile devices
Fine-tune WAF policies and configurations to optimize security while minimizing false positives.
Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.
Coordinating investigations and reporting of security incidents related to Network, Systems and applications
Coordinate and execute IT security projects for Arista at multiple locations
Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises (including SAAS and IAAS)
Monitoring system compliance with the IT framework for controls and levels of access; recommending improvements
Collaborate with other groups inside Arista to manage security vulnerabilities and help manage risks
Administer security-dedicated systems (Software, Firewall management, EDR, NDR, log collection, reporting , analytics, Cloud Security consoles) as appropriate
Experience with CSPM tools such as WIZ,Lacework ,Google Security Command Center.
Terraform, CloudFormation, Forseti and other similar tools experience is highly desired
Conduct and collaborate on laptop and server forensics as well as Cloud / Service Provider forensics with the global security team
Perform other related duties as assigned.
Qualifications:
BA or BSc. in Computer Science, Management Information Systems, Information Assurance or related field
Advanced degree desirable
Must have 6+ years of progressive experience in computing and information security
Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc
Knowledge of Mitre ATT&CK framework preferred
Good knowledge of security fundamentals, Networking protocols, TCP/IP stack, systems architecture, and operating systems
Must have practical experience in Privacy Controls and implementing them in a corporate environment
Expert knowledge is desired of laptop operating systems (MacOS, Windows and Linux)
Proven project management experience a bonus - specifically experience in managing remote office configuration and bringing up and working with remote / off-site vendors
Experience working in a large cloud or Internet software company
Proven experience with CASB and Cloud based logging and SIEM solutions
Business Application security analysis and practical experience is a plus (eg: SFDC, NS, SiSense)
CISSP, GIAC or other security certifications desired.
Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.