Cloud Security SME

MindPoint Group is seeking an enthusiastic Cloud Security SME to help a large law enforcement customer monitor and secure their rapidly expanding cloud footprint against attackers. The successful candidate will have a passion for and experience with being the foremost Cloud Security expert in an enterprise security environment and augment the team’s knowledge and skills across the major cloud providers (e.g., AWS, Azure, and Google Cloud) to develop alerting and response procedures for cloud events and perform cloud hunting, monitoring, and incident response.

Responsibilities:

• Perform cloud hunting and identify embedded threats effectively and efficiently.
• Review and analyze cloud logs to bring relevance and context to the data.
• Lead cloud incident response activities as they occur.
• Develop a full set of cloud incident response playbooks.
• Work with stakeholders to ensure full visibility into workloads running in the cloud.
• Ensure all cloud logs are onboarded to the SIEM tool and the correct events are logged.
• Develop and implement a full set of monitoring use cases to enable security tools to immediately and automatically detect cloud threats.
• Continuously tune security tools for optimization, i.e., maximum blocking with minimal false positives.
• Devise and implement additional KPIs and metrics that help the client monitor the overall health of this function.
• Ensure and enable the client’s participation in threat information-sharing initiatives across the USG.
• Assist the engineering team with the deployment, configuration, and maintenance of cloud-based SOC tools, technologies, applications, and solutions.
• Perform research and lead proof of concept efforts to determine where additional technologies may be necessary.

Required:

• Minimum ten (15) years of documented experience and/or education in IT or cybersecurity
• Masters degree
• Demonstrated expertise in performing cyber threat-hunting activities in cloud environments (e.g., SaaS, PaaS, IaaS, including O365, SIEM, EDR, and other cloud-based applications) is critically important
• Demonstrated experience leading incident response activities when cloud-based tools and systems are involved
• Experience across all major cloud providers (AWS, Azure, Google)
• Ability to work as an integral part of a high-performing security team is required
• Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms
• Understanding of recent cybersecurity policies and mandates such as EO 14028, M-21-31, NSM-8, and their impact on SOC activities
• Able to work normal business hours (core) and occasional/limited on-call hours as requested by the client and/or as required by operational demands (e.g., during major incidents)

Desired:

• Advanced-level cloud security certifications are strongly preferred (e.g. AWS Security Specialty certification).

Certifications

• Possesses one or more of the following DOD 8570 IASAE Baseline Certifications: CASP CE, CISSP, CSSLP, CISP-ISSAP, CISSP-ISSEP, CCSP

Clearance: Secret Clearance Required

Location: This is a hybrid role with expectations of being on the client site a few days a week in Arlington, VA

Additional Information

• All your information will be kept confidential according to EEO guidelines.
• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, maternity/paternity leave, mobile phone stipend, pre-tax commuter benefits, the opportunity to participate in our mentorship program, and more!
• MindPoint is committed to maintaining a diverse environment. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

Job applicants that are interested in one of our openings and may require a reasonable accommodation to participate in the job application or interview process, should contact us to request an accommodation.

Are you interested in a posted job opportunity but may not check all of the “boxes” for desired qualifications? If so, we encourage you to apply! Our commitment to sustain and champion an inclusive and dynamic community of employees is a high priority!