• Job Description: We are seeking a skilled and experienced Cloud Cyber Security Analyst to join our dynamic team.

Responsibilities:

Identifying and Mitigating Security Risks in Cloud-Based Systems:

• Risk Assessment: Perform comprehensive risk assessments to identify vulnerabilities in cloud architectures and applications.
• Threat Analysis: Analyze potential threats and their impacts, focusing on specific cloud services and configurations.
• Remediation Strategies: Develop and implement remediation strategies to mitigate identified risks, working closely with development and operations teams.

Monitoring Cloud Environments for Security Threats:

• Continuous Monitoring: Utilize monitoring tools (e.g., SIEM solutions) to detect anomalous activities in real-time across cloud environments.
• Alert Management: Investigate alerts generated by monitoring systems, determining their severity and taking appropriate action to remediate issues.
• Threat Intelligence Integration: Incorporate threat intelligence feeds to enhance detection capabilities and respond to emerging threats effectively.

Developing and Implementing Security Policies and Procedures:

• Policy Creation: Develop comprehensive security policies tailored to cloud environments, addressing areas such as access control, data protection, and incident response.
• Procedure Documentation: Document security procedures and best practices to guide teams in maintaining compliance and security standards.
• Policy Training: Educate employees on security policies and the importance of adhering to established procedures.

Conducting Security Audits and Assessments:

• Internal Audits: Conduct regular security audits to evaluate the effectiveness of existing security measures and identify areas for improvement.
• Third-Party Assessments: Evaluate the security posture of third-party cloud service providers to ensure compliance with organizational standards.
• Reporting Findings: Compile detailed reports of audit findings, presenting recommendations for enhancements to senior management.

Ensuring Compliance with Industry Standards and Regulations:

• Regulatory Compliance: Ensure that cloud operations comply with relevant industry regulations (e.g., GDPR, HIPAA, PCI-DSS) by implementing necessary controls and practices.
• Compliance Audits: Prepare for and assist with compliance audits by regulatory bodies, ensuring documentation and evidence of compliance are maintained.
• Continuous Improvement: Stay informed about changes in regulations and industry standards, updating policies and practices accordingly to maintain compliance.

Risk Assessment and Management:

• Vulnerability Scanning: Regularly conduct vulnerability assessments using tools like Nessus or Qualys to identify weaknesses in cloud configurations.
• Threat Modeling: Create threat models for cloud architectures to identify and prioritize security risks based on business impact.
• Remediation Plans: Collaborate with development and operations teams to implement remediation strategies for identified risks.

Threat Intelligence:

• Research and Analysis: Gather and analyze threat intelligence from various sources to stay ahead of emerging threats specific to cloud environments.
• Collaboration: Work with threat intelligence teams and external security organizations to share insights and improve defenses.

Configuration Management:

• Best Practices Implementation: Ensure cloud resources are configured according to best security practices, including identity and access management (IAM), encryption, and network security.
• Automated Configuration Checks: Implement automated tools to regularly check configurations against established benchmarks.

Qualifications:

• Education:
• • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Experience:
• • Proven experience in cloud security, risk management, or cybersecurity roles.
  • Familiarity with cloud platforms (e.g. Azure, Google Cloud).
• Certifications:
• • Relevant certifications such as Azure Certified Security – Specialty, Certified Cloud Security Professional (CCSP), or similar.

Preferred Qualifications:

• Experience with DevSecOps practices.
• Familiarity with compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
• Knowledge of scripting or programming languages (e.g., Python, Bash).