Cloud Security Analyst | HYBRID - Cary, NC

Work Location: HYBRID - Cary, NC

Description: Reporting to the IT Security Manager the IT Security Analyst is a position based in North Carolina

Responsibilities

• Hands on experience on security testing tools such as Burp Suite Mimikatz Cobalt Strike PowerSploit Metasploit Qualys Web Inspect or other tools included within the Kali Linux distribution
• Experience in security assessment activities within a clients environment emphasizing manual stealthy testing techniques using commercially freely available offensive security tools and utilities built into operating systems
• Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing
• Good understanding of cloud technologies and its security best practices
• Finetune WAF policies and configurations to optimize security while minimizing false positives
• Configure deploy and maintain Web Application Firewalls WAF in production and development environments
• Coordinating investigations and reporting of security incidents related to Network Systems and applications
• Coordinate and execute IT security projects for Arista at multiple locations
• Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises including SAAS and IAAS
• Monitoring system compliance with the IT framework for controls and levels of access recommending improvements
• Collaborate with other groups inside Arista to manage security vulnerabilities and help manage risks
• Administer securitydedicated systems Software Firewall management EDR NDR log collection reporting analytics Cloud Security consoles as appropriate
• Experience with CSPM tools such as WIZLacework Google Security Command Center
• Terraform CloudFormation Forseti and other similar tools experience is highly desired
• Conduct and collaborate on laptop and server forensics as well as Cloud Service Provider forensics with the global security team
• Perform other related duties as assigned

Qualifications

• BA or BSc in Computer Science Management Information Systems Information Assurance or related field
• Advanced degree desirable
• Must have 6 years of progressive experience in computing and information security
• Knowledge of common adversary tactics and techniques eg obfuscation persistence defense evasion etc
• Knowledge of Mitre ATTCK framework preferred
• Good knowledge of security fundamentals Networking protocols TCPIP stack systems architecture and operating systems
• Must have practical experience in Privacy Controls and implementing them in a corporate environment
• Expert knowledge is desired of laptop operating systems MacOS Windows and Linux
• Proven project management experience a bonus specifically experience in managing remote office configuration and bringing up and working with remote offsite vendors
• Experience working in a large cloud or Internet software company
• Business Application security analysis and practical experience is a plus eg SFDC NS SiSense
• CISSP GIAC or other security certifications desired
• Knowledge of information security standards eg ISO 1779927002 etc rules and regulations related to information security and data confidentiality eg FERPA HIPAA etc and desktop server application database network security principles for risk identification and analysis
• This position requires some weekend and evening assignments as well as availability during offhours for participation in scheduled and unscheduled activities

Mandatory Skills : Network Protocol - L3 Protocols

Good to Have Skills : Packet Core and Policy Control