Summary
The candidate will be responsible for cloud-focused monitoring, investigation, and escalation support across the organization’s hosted environment. The analyst will review suspicious cloud behavior, privilege misuse, configuration-related exposure, abnormal API activity, and cloud-originated attack paths, while correlating findings with endpoint, email, identity, and application telemetry.
The role supports the current traditional SOC baseline while helping the SOC mature into a crypto-/fintech-aware function by identifying cloud incidents that may affect sensitive operations, high-risk internal services, or customer-facing business systems.
Key Responsibilities
- To conduct investigations of suspicious activity spanning across AWS and other cloud services
- Analyze CloudTrail logs for anomalous cloud access, privilege misuse, access key issues, unusual API calls, and suspicious console behavior
- Connect cloud events to CrowdStrike, Netskope, Cloudflare, Sentry & Vercel context
- Investigate Netskope surfaced risky SaaS and cloud-app activity
- Investigate usage of unauthorized applications, and risky movement of files — abnormal user activity or a policy breach that increases the cloud attack surface
- Analyze cloud alerts with their operational or business impact
- Restrict, escalate incidents affecting critical services, administrative workflows, or sensitive data paths
- Assist in coordinating remediation with DevSecOps, IAM, and IT teams
- Suggest improvements in visibility, detection, and cloud monitoring coverage
- 24×7 operations
Mandatory Expertise
- Cloud Security Operations
Good to Have
- CrowdStrike and/or NetSkope
Optional
Preferred Additional Skills
- AWS security investigations
- Cloud log analysis
- Cloud access anomaly review
- Cloud attack-path awareness
- SaaS/cloud usage monitoring
- Basic application telemetry correlation using Sentry
- Operational awareness of hosted web/application platforms such as Vercel
Preferred Certifications
- AWS Security Specialty
- Security+
- CySA+
- SC-200
Success Measures
- Quality of cloud incident validation
- Accuracy of severity and impact assessment
- Timeliness of escalation for cloud misuse or suspicious access
- Quality of coordination with DevSecOps / IAM / IT
- Detection improvement recommendations for cloud-related threats
Note: Interested candidates may send their resume to [email protected]. Only shortlisted applicants will be contacted.