Sr. Principal Information Security Analyst

Job Description

• Evaluating and Recommending Solutions:
  • Assess and recommend solutions for Cloud Native Application Protection Platforms (CNAPP), focusing on runtime protection, vulnerability scanning, and threat detection.
  • Evaluate solutions for Cloud Security Posture Management (CSPM) to maintain a secure posture by monitoring cloud resources, identifying misconfigurations, and enforcing security policies.
  • Manage permissions and access rights across cloud services using Cloud Infrastructure
  • Entitlement Management (CIEM) tools.
  • Secure workloads within the cloud environment through Cloud Workload Protection (CWP) tools.
• Adherence to Standards and Guidelines:
  • Ensure selected solutions align with cloud security requirements, standards, and guidelines, including those from the National Institute of Standards and Technology (NIST) and industry best practices.
  • Maintain a consistent and secure cloud environment by following established standards.
• Azure Policy Framework Evaluation:
  • Evaluate Azure Policy Framework policies against client requirements and recommend custom policies if existing ones do not meet needs.
  • Define and enforce rules for resource configurations within Azure.
• Governance Structure for Policy as Code (PaC):
  • Implement a governance structure for managing policies as code (PaC), using ARM templates or Azure Policy definitions.
  • Automate policy enforcement, track changes, and maintain security compliance through PaC.

Job Requirements

• 5 years of experience in Cloud Security, with a focus on Microsoft Azure and Microsoft 365.
• Proven experience maintaining cloud security management solutions, including designing and configuring automation, notifications, and reporting capabilities.
• Experience working with multidisciplinary teams to migrate security components to cloud services, including cloud security platforms and APIs.
• Experience troubleshooting cloud security events and issues, and collaborating with cloud service providers to resolve issues or implement working solutions.
• Experience in technical planning, systems integration, verification, and validation, with the ability to evaluate alternatives and make informed decisions.
• Experience analyzing emerging technologies and tools for applicability to customers, and preparing reports and recommendations on new and changes to processes and products.
• Strong knowledge of cloud security best practices, including identity and access management, data encryption, and threat protection.
• Experience with Microsoft Azure and Microsoft 365 security features, including Azure Active Directory, Azure Sentinel, and Microsoft 365 Defender.
• Strong understanding of cloud security governance and compliance, including risk management and incident response.
• Preferred Technical and Professional Expertise:
  • Microsoft Azure certification.
  • AWS, CSPM, and CWPP certification