IT Security Analyst - Cloud Security Analyst

SolGenie Technologies for their client, this role is an exciting opportunity to join a dynamic team as an IT Security Analyst. The position, based in North Carolina, focuses on ensuring the security of cloud-based systems and infrastructure. This role will involve hands-on experience with various security testing tools, managing security incidents, and collaborating with technical teams to enhance security measures. Ideal candidates should have strong knowledge of security fundamentals, cloud technologies, and experience in vulnerability assessments and penetration testing.

IT Security Analyst - Cloud Security Analyst
Reporting to the IT Security Manager, this position is based in Cary, North Carolina.

Responsibilities:

• Hands-on experience with security testing tools such as Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Qualys, Web Inspect, or other tools within the Kali Linux distribution.
• Handling support of PC and Mac-based users with security-related problems.
• Experience in security assessment activities within a client’s environment, emphasizing manual stealthy testing techniques using commercially/freely available offensive security tools and utilities built into operating systems.
• Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
• Good understanding of cloud technologies and its security best practices.
• Handling security incidents reported by individuals and automated systems on laptops and mobile devices.
• Fine-tune WAF policies and configurations to optimize security while minimizing false positives.
• Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments.
• Coordinating investigations and reporting security incidents related to Network, Systems, and applications.
• Coordinate and execute IT security projects for Arista at multiple locations.
• Engage in security research to keep abreast of the latest security issues for cloud-enabled enterprises (including SAAS and IAAS).
• Monitor system compliance with the IT framework for controls and levels of access; recommend improvements.
• Collaborate with other groups inside Arista to manage security vulnerabilities and help manage risks.
• Administer security-dedicated systems (Software, Firewall management, EDR, NDR, log collection, reporting, analytics, Cloud Security consoles) as appropriate.
• Experience with CSPM tools such as WIZ, Lacework, Google Security Command Center.
• Terraform, CloudFormation, Forseti, and other similar tools experience is highly desired.
• Conduct and collaborate on laptop and server forensics, as well as Cloud/Service Provider forensics with the global security team.
• Perform other related duties as assigned.

Qualifications:

• BA or BSc in Computer Science, Management Information Systems, Information Assurance, or a related field.
• Advanced degree desirable.
• Must have 6+ years of progressive experience in computing and information security.
• Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
• Knowledge of Mitre ATT&CK framework preferred.
• Good knowledge of security fundamentals, networking protocols, TCP/IP stack, systems architecture, and operating systems.
• Practical experience in Privacy Controls and implementing them in a corporate environment.
• Expert knowledge of laptop operating systems (MacOS, Windows, and Linux).
• Proven project management experience, specifically in managing remote office configuration and working with remote/off-site vendors.
• Experience working in a large cloud or Internet software company.
• Proven experience with CASB and cloud-based logging and SIEM solutions.
• Business application security analysis and practical experience is a plus (e.g., SFDC, NS, SiSense).
• CISSP, GIAC, or other security certifications desired.
• Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.), and desktop, server, application, database, network security principles for risk identification and analysis.
• This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.

In addition to technical expertise, the successful candidate should possess strong interpersonal and communication skills. This role requires the ability to collaborate effectively with cross-functional teams, explain complex security concepts to non-technical stakeholders, and work closely with team members to ensure seamless execution of security projects. The candidate should demonstrate a proactive approach in problem-solving and a team-oriented mindset, thriving in dynamic environments where adaptability and teamwork are key.