Job Description

Roles and responsibilities:
Considered subject matter expert within discipline 
Solves complex problems; takes a broad perspective to identify innovative solutions 
Can either work independently on in teams 
Requests guidance in complex situations or when needed 
Interprets challenges and recommends best practices to improve processes 
Capacity to lead functional teams or projects to solve complex problems and deliver solutions 
Communicates difficult concepts and negotiates with others to conclude on goal-centric points of view 
Provides resolution support to wide array of issues that are complex in scope 
Contributes to departmental business planning and solution design 
Uses expert level Cyber Security knowledge base to complete tasks 
Intrinsic understanding of software development life cycles 
Excellent oral and written communication skills 
Understanding of security by design principles, architecture concepts & security frameworks (NIST, PCI, OWASP, etc.) 
Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in the code or application 

Requirements:
Welling to work for 6 months of period.
6+ years of experience working with systems deployed on AWS 
4+ years of technical experience in Incident Management for AWS Cloud solutions 
1+ years of experience with AWS Incident Detection and Response 
Demonstrated experience using Splunk for Incident Management and processes supported by Okta CIAM, PhishER, PagerDuty, Imperva, CrowdStrike, AWS Guard Duty, Defender for Cloud Apps, etc. 
Incident Management (2+ years minimum) 
Risk Management techniques (2+ years minimum) 
Vulnerability Management 
Web Application Firewalls such as Imperva 
As a subject matter expert or stakeholder, has previously supported information security audits in any of the following 
frameworks or regulations: PCI DSS, NIST, SOC 1 or 2, ISO 27001, Sarbanes-Oxley (SOX) or HITRUST 
Experience in analyzing threats of cloud and application components, such as findings from Security Assessments 

Nice to have: 
Familiarity with Jira, GitHub, Okta, WordPress, Qualys VMDR, Jenkins, Rancher, Terraform, Snyk & Contrast 
Familiarity with some of the following concepts: 
SAST (Static Application Security Testing) 
DAST (Dynamic Application Security Testing) 
SCA (Software Composition Analysis) 
SBOM (Software Bill of Materials) 
Image Scanning 
SOAR (Security Orchestration, Automation and Response), good if experienced in 
IaC (Infrastructure as Code) 
Threat Modeling 
PenTesting (Web App, Mobile, External) 
CSA (Cloud Security Assessment) 
Familiarity with Java (including npm and Maven), Docker & Kubernetes 

Skills Required