Cloud Incident Response Consultant
Location: On-site Downtown Atlanta, GA
Duration: 18 months (Contract)
Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)
- Specialized attention on Cloud Incident Response & Fusion Center maturity with dedicated deliverables.
Bachelor Degree: (Required, Preferred or Not Required)
Role Responsibilities: (what they will be doing)
"The Principal Cloud Incident Response Consultant is responsible for maturing the organization's Advanced Cloud Incident Response capabilities, especially around Azure/365 and/or AWS. Objective is to bring advanced external expertise to the organization to consult on routine cyber investigations, escalations, and incidents, especially around Cloud. This role will be expected to be both a strong communicator and skilled hands-on practitioner.
The role will also deliver specific deliverables including, but not limited to:
- Maintain Cloud Platform Response Guides
- Create detailed Knowledge Base Entries
- Uncover malicious activity
- Enumerate and request specific cloud privileges for monitoring & IR functions.
- Enhance existing SOC Runbooks for the cloud.
- Contribute to tuning of cloud alerts. "
Must Have Skills/Prior Experiences: (Vendor should not submit any candidate that does not have these skills/prior experience.)
The selected candidate must demonstrate an understanding of the most popular cloud concepts. The candidate must demonstrate an understanding of key cloud resources and logs used to facilitate incident response and forensics. This role must have a strong knowledge of cloud (Azure, AWS) to effectively threat hunt and respond to advanced attacks. The ability to quickly identify nefarious artifacts versus benign activity will be a key skill for this position. This role must have problem solving skills for structured, unstructured, and complex situations.
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Extensive hands-on experience conducting cyber incident investigations in Azure/M365 environments (AWS will be considered as well)
- Strong ability to express their skills and knowledge in both verbal and written forms.
- Experience developing high-quality deliverables about deep technical concepts.
- Conduct cyber investigations for escalated and challenging computer security incidents using computer forensics, network forensics, root cause analysis and/or malware analysis.
- Participate in the creation and maintenance of use cases for recurring investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.
- Participate in the creation and maintenance of playbooks used in response for investigation/incident triggers in support of 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.
- Interface with other teams in Information Security (e.g. network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.
- Identify new threat tactics, techniques and procedures used by cyber threat actors.
- Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.
PlNice to Have Skills/Prior Experiences:(Hiring Manager DOES NOT require these skills/ prior experience. However candidates with any of these will be looked at first.)
- Experience working in cloud environments, namely Microsoft Azure
- Industry certifications in general technology and security (e.g. Network+, Security+, CySA+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)
- Industry certifications in cyber forensics and incident response, such as GIAC Cloud Forensics Responder (GCFR), Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), and other related credentials
EEO::
Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.