Cloud Incident Response Consultant
Atlanta, GA, United States
Position: Principle Cloud Incident Response Consultant
Location: Onsite in Atlanta GA (Atleast 4 days a week onsite)
Shift: Tuesday - Saturday 8:00-5:00pm EST
Duration: 18 month contract
Pay Range: $70.00 - $90.00/hr based on experience
The Principal Cloud Incident Response Consultant is responsible for maturing the organization's Advanced Cloud Incident Response capabilities, especially around Azure/365 and/or AWS. Objective is to bring advanced external expertise to the organization to consult on routine cyber investigations, escalations, and incidents, especially around Cloud. This role will be expected to be both a strong communicator and skilled hands-on practitioner.
The role will also deliver specific deliverables including, but not limited to:
• Maintain Cloud Platform Response Guides
• Create detailed Knowledge Base Entries
• Uncover malicious activity
• Enumerate and request specific cloud privileges for monitoring & IR functions.
• Enhance existing SOC Runbooks for the cloud.
• Contribute to tuning of cloud alerts.
The selected candidate must demonstrate an understanding of the most popular cloud concepts. The candidate must demonstrate an understanding of key cloud resources and logs used to facilitate incident response and forensics. This role must have a strong knowledge of cloud (Azure, AWS) to effectively threat hunt and respond to advanced attacks. The ability to quickly identify nefarious artifacts versus benign activity will be a key skill for this position. This role must have problem solving skills for structured, unstructured, and complex situations.
Duties
• Conduct cyber investigations for escalated and challenging computer security incidents using computer forensics, network forensics, root cause analysis and/or malware analysis.
• Participate in the creation and maintenance of use cases for recurring investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.
• Participate in the creation and maintenance of playbooks used in response for investigation/incident triggers in support of 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.
• Interface with other teams in Information Security (e.g. network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.
• Identify new threat tactics, techniques and procedures used by cyber threat actors.
• Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.
Skills
• Extensive hands-on experience conducting cyber incident investigations in Azure/M365 environments (AWS will be considered as well)
• Strong ability to express their skills and knowledge in both verbal and written forms.
• Experience developing high-quality deliverables about deep technical concepts.
• Experience working in cloud environments, namely Microsoft Azure
• Industry certifications in general technology and security (e.g. Network+, Security+, CySA+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)
• Industry certifications in cyber forensics and incident response, such as GIAC Cloud Forensics Responder (GCFR), Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), and other related credentials
• Demonstrated technical leadership experience
#J-18808-Ljbffr