
Experience Required
8-12 years in Information Security with minimum 5 years in cloud security and SIEM operations
Cloud Security Management
Design, implement, and maintain security architectures across Azure and AWS multi-cloud environments
Lead security assessments, vulnerability management, and penetration testing initiatives
Architect and enforce security policies, standards, and best practices for cloud infrastructure
Manage identity and access management (IAM) policies, roles, and permissions across both platforms
Implement and maintain security monitoring, logging, and SIEM solutions
Lead incident response activities and conduct root cause analysis for security events
SIEM Operations & Security Monitoring
Design, deploy, and manage enterprise SIEM platforms (Splunk, Azure Sentinel, IBM QRadar, LogRhythm)
Develop and optimize correlation rules, alerts, and detection use cases
Create custom parsers and data connectors for log ingestion from multiple sources
Implement advanced threat hunting and analytics using SPL, KQL, or similar query languages
Manage log retention, archival, and compliance requirements
Integrate SIEM with SOAR platforms for automated incident response
Tune alert thresholds to minimize false positives while maintaining detection effectiveness
Generate security metrics, dashboards, and executive-level reports
Conduct regular health checks and performance optimization of SIEM infrastructure
Major Security Areas
1. Identity & Access Management (IAM)
Implement least privilege access and role-based access control (RBAC)
Manage Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM)
Configure Azure AD, AWS IAM, Okta, and other identity providers
Implement Just-In-Time (JIT) access and Privileged Identity Management (PIM)
Conduct access reviews and entitlement management
2. Data Security & Encryption
Implement data classification and Data Loss Prevention (DLP) solutions
Manage encryption at rest and in transit across all platforms
Configure key management systems (KMS) and Hardware Security Modules (HSM)
Implement database security controls and monitoring
Design data masking and tokenization strategies
3. Endpoint Security
Deploy and manage EDR/XDR solutions (CrowdStrike, Microsoft Defender, Carbon Black)
Implement anti-malware, host-based firewalls, and security agents
Manage mobile device management (MDM) and endpoint compliance
Configure application whitelisting and device control policies
4. Vulnerability Management
Lead enterprise vulnerability assessment programs
Manage scanning tools (Qualys, Nessus, Rapid7, Tenable)
Prioritize vulnerabilities using CVSS scoring and business context
Track remediation efforts and report on security posture
Conduct regular penetration testing and red team exercises
5. Threat Intelligence & Hunting
Leverage threat intelligence feeds and platforms (MISP, ThreatConnect, Recorded Future)
Conduct proactive threat hunting using MITRE ATT&CK framework
Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)
Develop custom threat detection rules and signatures
Participate in threat intelligence sharing communities
6. Incident Response & Forensics
Lead security incident response following NIST guidelines
Conduct digital forensics and malware analysis
Manage security operations center (SOC) escalations
Develop and maintain incident response playbooks
Coordinate with external stakeholders during breaches
7. Cloud Security Posture Management (CSPM)
Implement CSPM tools (Prisma Cloud, CloudGuard, Azure Security Center)
Continuously monitor cloud configurations for security risks
Remediate misconfigurations and security drift
Enforce cloud security baselines and CIS benchmarks
8. Compliance & Risk Management
Ensure compliance with ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, NIST, FedRAMP
Conduct security audits and prepare compliance reports
Perform risk assessments and develop risk mitigation strategies
Manage security governance frameworks
Develop and maintain security documentation, runbooks, and procedures
Requirements
Required Skills & Expertise
Cloud Platforms
Azure: Azure Security Center, Microsoft Defender for Cloud, Azure Sentinel, Azure AD, Azure Policy, Azure Firewall, Application Gateway, NSGs, Azure Monitor, Azure Key Vault, Microsoft Defender for Identity
AWS: AWS Security Hub, GuardDuty, AWS IAM, Security Groups, AWS WAF, CloudTrail, Config, Inspector, Macie, KMS, CloudWatch, Systems Manager, AWS Shield
SIEM & Security Monitoring
SIEM Platforms: Expert-level proficiency in Splunk Enterprise Security, Azure Sentinel (Microsoft Sentinel), IBM QRadar, LogRhythm, Elastic SIEM
Query Languages: SPL (Splunk), KQL (Kusto Query Language), SQL for security analytics
Log Management: Log aggregation, parsing, normalization from diverse sources (Windows, Linux, cloud, network devices, applications)
Correlation & Analytics: Creating correlation searches, threat detection rules, behavioral analytics
SOAR Integration: Integration with Security Orchestration and Automated Response platforms (Splunk SOAR, Azure Logic Apps, Palo Alto Cortex XSOAR)
Threat Detection: Building use cases for ATT&CK framework, anomaly detection, user behavior analytics (UEBA)
Security Tools & Technologies
Vulnerability Management: Qualys, Nessus, Rapid7, Tenable, OpenVAS
EDR/XDR: CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black, SentinelOne
CASB: Microsoft Defender for Cloud Apps, Netskope, Zscaler
DLP: Symantec DLP, Microsoft Purview, Forcepoint
PAM: CyberArk, BeyondTrust, Thycotic Secret Server
API Security: Apigee, Kong, AWS API Gateway security
Security Frameworks & Standards
NIST Cybersecurity Framework (CSF)
NIST SP 800-53, 800-171
CIS Benchmarks and Controls
OWASP Top 10 & OWASP ASVS
MITRE ATT&CK Framework
Zero Trust Architecture (NIST SP 800-207)
Cloud Security Alliance (CSA) Cloud Controls Matrix
ISO 27001/27002
PCI-DSS, HIPAA, GDPR, SOC 2
Highly Preferred certifications:
Certified Cloud Security Professional (CCSP)
GIAC Security Essentials (GSEC) or GIAC Certified Incident Handler (GCIH)
Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)
Certified Kubernetes Security Specialist (CKS)
Job ID: 131150191