Cyber Security Architect - Senior

Atlanta, GA, United States

Principal Cloud Incident Response Consultant

Location: On-site Downtown Atlanta, GA

Duration: 18 months- (Contract)

Initial/Primary Project Name(s): Next Gen. Cyber - Monitoring & Response

Schedule/Shift Details:: 1st (8am-5pm); Days: Tuesday to Saturday

Description:

Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work) Specialized attention on Cloud Incident Response & Fusion Center maturity with dedicated deliverables.

Bachelor Degree: (Required, Preferred or Not Required) Preferred.

Role Responsibilities: (what they will be doing)

"The Principal Cloud Incident Response Consultant is responsible for maturing the organization's Advanced Cloud Incident Response capabilities, especially around Azure/365 and/or AWS. Objective is to bring advanced external expertise to the organization to consult on routine cyber investigations, escalations, and incidents, especially around Cloud. This role will be expected to be both a strong communicator and skilled hands-on practitioner.

The role will also deliver specific deliverables including, but not limited to: Maintain Cloud Platform Response Guides

Create detailed Knowledge Base Entries

Uncover malicious activity

Enumerate and request specific cloud privileges for monitoring & IR functions.

Enhance existing SOC Runbooks for the cloud.

Contribute to tuning of cloud alerts. "

Must Have Skills/Prior Experiences: (Vendor should not submit any candidate that does not have these skills/prior experience.)

The selected candidate must demonstrate an understanding of the most popular cloud concepts. The candidate must demonstrate an understanding of key cloud resources and logs used to facilitate incident response and forensics. This role must have a strong knowledge of cloud (Azure, AWS) to effectively threat hunt and respond to advanced attacks. The ability to quickly identify nefarious artifacts versus benign activity will be a key skill for this position. This role must have problem solving skills for structured, unstructured, and complex situations.

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time. Extensive hands-on experience conducting cyber incident investigations in Azure/M365 environments (AWS will be considered as well)

Strong ability to express their skills and knowledge in both verbal and written forms.

Experience developing high-quality deliverables about deep technical concepts.

Conduct cyber investigations for escalated and challenging computer security incidents using computer forensics, network forensics, root cause analysis and/or malware analysis.

Participate in the creation and maintenance of use cases for recurring investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.

Participate in the creation and maintenance of playbooks used in response for investigation/incident triggers in support of 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.

Interface with other teams in Information Security (e.g. network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.

Identify new threat tactics, techniques and procedures used by cyber threat actors.

Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.

Plus/Nice to Have Skills/Prior Experiences:(Hiring Manager DOES NOT require these skills/ prior experience. However candidates with any of these will be looked at first.) Experience working in cloud environments, namely Microsoft Azure

Industry certifications in general technology and security (e.g. Network+, Security+, CySA+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)

Industry certifications in cyber forensics and incident response, such as GIAC Cloud Forensics Responder (GCFR), Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), and other related credentials

Demonstrated technical leadership experience"

Critical Screening Questions and Answers: (Used by Supplier to Get Best Fit. Suppliers will provide the candidate answers to these questions as part of resume submittal to VMS) Are you willing to support a minimum of 4 days on-site days in Atlanta's Cyber Fusion Center (CFC)

Are you willing to support an on-call schedule?

Can you share high-level examples of traditional IT and cyber AWS/Azure incidents you worked previously?

What credentials or training have you completed related to cloud?

Which cloud logs have been valuable during your previous cloud investigations? Please share specific examples.

Do you have experience setting an agenda and leading meetings with a technical audience?

What areas of cybersecurity do you have the most expertise in? (e.g. Windows Internals & Forensics, Azure, AWS, Network Analysis, Malware Analysis, Programming, etc.)"