Senior Operations Analyst-Security L3

Requirements

Key Responsibilities:

Cybersecurity Operations:

• Lead investigation and resolution of complex security incidents and breaches, coordinating with L1 and L2 teams as necessary.
  
• Monitor security tools and platforms (SIEM, EDR, IDS/IPS) to detect threats and mitigate vulnerabilities.
  
• Perform root-cause analysis for incidents, implementing preventative measures and documenting lessons learned.
  
• Conduct penetration tests and vulnerability assessments, ensuring remediation plans are implemented effectively.
  
• Develop and enforce security policies, procedures, and guidelines to protect sensitive data and systems.
  

Cloud/Infrastructure Security:

• Design and implement robust security controls for cloud platforms (AWS, Azure, GCP) and hybrid environments.
  
• Manage identity and access management (IAM), ensuring least privilege principles are applied across the infrastructure.
  
• Conduct regular audits and assessments to validate compliance with security standards and regulations (e.g., GDPR, ISO 27001).
  
• Protect virtualized environments and containers using tools like Kubernetes security, Docker, or Azure Kubernetes Service (AKS).
  
• Monitor cloud environments for misconfigurations, unauthorized changes, or suspicious activity using tools like Prisma Cloud, Microsoft Defender for Cloud, or AWS Security Hub.
  

Threat Intelligence and Response:

• Stay updated on the latest cybersecurity trends, threats, and vulnerabilities to ensure proactive protection measures.
  
• Collaborate with Threat Intelligence teams to analyze emerging risks and recommend appropriate countermeasures.
  
• Develop and execute incident response playbooks for cloud and infrastructure-specific scenarios.
  

Security Automation and Optimization:

• Implement automation solutions to improve detection, response, and remediation times using tools like SOAR platforms (e.g., Splunk Phantom, Palo Alto Cortex XSOAR).
  
• Optimize security tool performance and conduct regular health checks to ensure systems are running efficiently.
  
• Drive continuous improvement in operational processes by identifying inefficiencies and proposing enhancements.
  

Collaboration and Reporting:

• Partner with DevOps, CloudOps, and IT teams to ensure seamless integration of security measures into infrastructure workflows.
  
• Provide regular security reports and metrics to leadership, highlighting trends, risks, and mitigations.
  
• Mentor and train junior analysts in advanced security operations and best practices.
  

Required Skills and Qualifications:

Technical Skills:

• Strong expertise in Cybersecurity domains: threat hunting, incident response, vulnerability management, and penetration testing.
  
• Advanced knowledge of cloud security tools and frameworks for AWS, Azure, and GCP.
  
• Proficiency with security tools: SIEM (Splunk, QRadar, Sentinel), EDR (CrowdStrike, Carbon Black), IDS/IPS (Snort, Suricata).
  
• Experience with encryption technologies, firewalls, VPNs, and Zero Trust architectures.
  
• Proficiency in scripting or programming (Python, Bash, PowerShell) for security automation.
  

Experience:

• 5+ years in cybersecurity or IT security roles, with at least 2 years in cloud/infrastructure security.
  
• Proven experience in handling L3 escalations for complex security incidents.
  
• Familiarity with regulatory compliance standards (e.g., NIST, GDPR, PCI DSS, ISO 27001).
  

Soft Skills:

• Strong analytical and critical thinking skills to resolve complex security challenges.
  
• Excellent communication skills for cross-functional collaboration and incident reporting.
  
• Ability to work effectively under pressure and manage multiple priorities.
  

Preferred Qualifications:

• Certifications: CISSP, AWS Certified Security - Specialty, Microsoft Certified: Security, Compliance, and Identity Fundamentals, or CCSP.
  
• Experience with DevSecOps practices and CI/CD pipeline security.
  
• Familiarity with security in containerized environments (Kubernetes, Docker).