Job Description
Candidate will support and develop Cloud security monitoring implementation(s) at Visa. Primary day-to-day job duties involve designing solutions that improve overall cloud visibility for Incident Response operations, cybersecurity analysts and threat hunting personnel in multi-cloud environments.
Responsibilities
- Develop advanced correlation rules, reports, and dashboards to detect emerging threats in Cloud environments
- Develop, test, and implement cyber analytics capabilities to support multi-cloud cyber operations and threat hunting
- Specify and implement cloud-based cyber security techniques and procedures
- Enhance existing SIEM technologies to provide advanced monitoring and anomalous detection capabilities
- Lead logging enrollments from multi-tier applications into the enterprise logging platforms
- Develop specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
- Develop advanced scripts and automation for manipulation of multiple data repositories to support analyst requirements
- Develop automation for security tools management
- Collaborate with key stakeholders within Cyber Security to develop specific use cases to address specific business needs
- Work with stakeholders, mentor and provide guidance on cloud security
Qualifications
Must Have:
- 5+ years of Cybersecurity Experience
- Excellent hands-on experience in AWS, GCP and/or Azure
- Excellent understanding of enterprise logging standards within cloud environments
- Excellent knowledge of adversary tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK Framework
- Excellent expertise in DevSecOps and CI/CD implementation
- Excellent understanding of regular expressions and development of custom/flex parsers
- Excellent Python and Unix shell scripting skills
- Excellent understanding of log flow from numerous services within AWS, GCP and Azure, and experience integrating them with 3rd party logging tools including but not limited to Splunk, Sumo Logic and Elastic Cloud
- Excellent understanding of Cyber Security Operations and Incident Response processes
- Excellent understanding of web application architectures and web services
- Excellent communication skills
- Must hold at least one of the following certifications: AWS Certified Solutions Architect - Professional, AWS Certified Security - Specialty, or GCP Professional Cloud Security Engineer
Nice to Have:
- SANS, OSCP Certifications