
SANS ISC: InfoSec Jobs


Senior Cloud Security Consultant - Incident Response Team
Company Secureworks
Location Remote, US
Preferred GIAC Certifications GCFA, GCFE, GNFA
Travel 0%
Salary Not provided
Contact Name Troy M Bettencourt
Contact Email tbettencourt/at/
Expires 2021-06-26

Job Description

Secureworks® (NASDAQ: SCWX), a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of a cloud-native, SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded and informed with this much real-world experience.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Role Overview:

The Incident Response Cloud Consultant role is a senior level position working with customers in the growing area of Incident Response in the Cloud, including Amazon Web Services (AWS), Microsoft Azure (including O365), and Google Cloud Platform (GCP). This work involves the following overarching duties:

Leading augmentation of Secureworks’ Incident Response Team’s Cloud capabilities and skillsets
Helping customers prepare to effectively handle security incidents in the Cloud
Performing Incident Response and helping customers effectively respond to incidents in the Cloud
Augmenting Secureworks’ Incident Response Team’s Cloud capabilities includes leading efforts on researching and building best practice documentation and methodologies for both securing the Cloud and responding to security incidents, developing effective and efficient processes and procedures for performing response, and building (or identifying existing) tools to automate response processes across a variety of Cloud environments, including AWS, Azure (including Microsoft 365), and GCP.

Helping customers prepare for security incidents in the Cloud includes developing Incident Response plans and playbooks, delivering Cloud-centric training, and conducting exercises to test response plans for incidents in the Cloud.

Responding to incidents in the Cloud includes helping customers manage both the technical and non-technical aspects of complex, large-scale incidents occurring within their Cloud environments, conducting detailed forensic analysis to help customers identify the initial infection vector, scope, magnitude, and various other critical aspects of a security incident, developing timelines of malicious activity, and delivering remediation recommendations and recovery plans tailored to customers’ Cloud operations.

Role Responsibilities:

Serve as Subject Matter Expert in Incident Response and Digital Forensics in the Cloud
Perform complex Incident Response and forensic analysis and develop technical conclusions based on analysis of evidence
Review technical analysis and conclusions of other consultants
Document findings, develop Incident Response remediation recommendations, and present both orally and in written reports for customers
Conduct assessments of customer readiness to respond to incidents in the Cloud, including designing and delivering Incident Response exercises to test customer Incident Response plans
Review security and Incident Response assessments of other consultants
Develop detailed Incident Response plans and playbooks based on customer needs for Cloud environments
Design and deliver Incident Response exercises to test customer Incident Response plans
Oversee the delivery of Incident Response exercises by other consultants
Support Junior through Senior staff on Cloud security and Incident Response best practices, processes, and tooling
Experience leading multiple major work efforts involving research, development, training, and mentoring
Desire and aptitude to work with both customers and internal teams to solve complex security issues, often amidst times of crisis
Strong technical communication skills (oral and written) including experience briefing senior-level leadership and conveying technical subject matter to audiences of varying backgrounds and skill levels
Strong understanding of vulnerabilities within the Cloud along with the tools used to discover, analyze, and exploit such vulnerabilities

Required Skills:

Minimum of 5 years experience as a Cloud Security Consultant with one of the following hosting platforms: AWS, Azure or Google Cloud Platform
Minimum of 4 years of experience performing complex, large-scale security monitoring and response as well as host-based and network-based digital forensics
In-depth experience researching, using, building, and/or augmenting Cloud-based Open Source Security (OSS) tools utilized for security monitoring and response
Experience coding and developing tailored security monitoring and/or Incident Response tooling in current languages such as Python and Go
Experience understanding, utilizing, and transforming common data formats such as JSON, YAML, and CSV

Preferred Skills:

Experience with automation systems
One or more of the following certifications: GCFA, GCFE, GNFA, or similar (targeted experience for this role may be considered in lieu of these)
Experience analyzing and/or reverse engineering malware
Understanding of key cybersecurity frameworks relevant to cyber incident response and cyber threat hunting: MITRE ATT&CK, CIS Controls, NIST CSF, NIST 800-53
Undergraduate degree in computer science, information systems, information assurance, cybersecurity, or equivalent work experience


Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics. Learn more about Diversity and Inclusion at Secureworks here.

Job ID: R081557