Job description

Responsibilities - Conduct forensic acquisition and analysis from on-premises and cloud platforms (Entra ID/Azure AD, M365, AWS, GCP, SaaS) to identify compromise activity, persistence mechanisms, and data exfiltration. - Investigate and respond to incidents and attacks targeting cloud and hybrid identity. - Correlate cloud control-plane events and network telemetry (e.g., Azure Activity Logs, AWS CloudTrail, VPC Flow Logs) to reconstruct attacker timelines, validate IOCs, and identify post-compromise privilege escalation. - Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators. - Produce technical reports, incident documentation, and containment recommendations integrating cloud, identity, and endpoint findings; support development of incident response playbooks and procedures for cloud and hybrid environments. - Support cloud development and automation projects to enhance threat emulation, investigative, and hunting capabilities. - Coordinate with internal teams, government staff, and external stakeholders to validate alerts and investigate preliminary findings. Minimum Qualifications - BS in Computer Science, Cybersecurity, Computer Engineering, or related field; OR HS Diploma with 7+ years relevant experience. - 5+ years of experience in cyber forensic investigations with leading tools and techniques. - Strong understanding of SaaS, PaaS, and IaaS in cloud environments and hybrid identity security. - Expertise in acquiring forensically sound evidence, analyzing attacks, and reporting findings. - Knowledge of M365/Azure, hybrid identity, and threats targeting these solutions. - Knowledge of AWS, IAM, and best practices for cloud identity security. Preferred Qualifications - Strong API and scripting skills (PowerShell, Python, Bash, JavaScript) for automation and threat detection. - Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats. - Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, CloudFormation, Azure Resource Manager, Docker). - GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS, or Microsoft Cloud/Security certifications.

Requirements