Cloud Security Operations Architect
- Chicago, IL
Automation Anywhere is a global leader in Robotic Process Automation (RPA), empowering customers to automate end-to-end business processes with software bots – digital workers that perform repetitive and manual tasks, resulting in dramatic productivity gains, optimized customer experience and more engaged employees. The company offers the world’s only web-based and cloud-native intelligent automation platform combining RPA, artificial intelligence, machine learning and analytics right out of the box, to help organizations rapidly start and scale their process automation journey. Its Bot Store is the world's first and largest marketplace with more than 1,000 pre-built, intelligent automation solutions. With offices in more than 40 countries and a global network of 2,000 partners, Automation Anywhere has deployed over 2.4 million bots to support some of the world’s largest enterprises across all industries. For additional information, visit www.automationanywhere.com.
We are currently seeking a Sr. Security Operations Engineer, for our Cloud Security team. As part of this dynamic group, you will be the blue team expert responsible for monitoring, detection, and response activities with regards to security vulnerabilities, threats, events, and alerts within AWS and GCP public clouds. You will report to the Director, Cloud Security and will be a key member to help shape the future of our business
This is a remote role, with the ability to work from anywhere in the U.S
You will make an impact by being responsible for:
- Monitoring, analyzing, and investigating security logs, events, and alerts from a variety of devices and platforms including but not limited to, SIEM, IDS/IPS, Container Security agents, WAF, OS logs, AWS and GCP platform logs, etc.
- Identifying gaps in visibility and detection of attacks and malicious events, and work towards SOC maturity trends for AWS and GCP
- Leading projects involving ingestion of new log sources, building content for the SIEM, new rules and filters as needed for improved context, visibility, correlation
- Providing subject matter expertise in security threat analysis, hunting, detection, and response across Automation Anywhere’s SaaS cloud environments, build IR run books and automated workflows
- Being part of the Security Incident Response Team (SIRT) activities, helping SIRT to detect, respond, contain, and recover from security incidents in a timely manner
- Generating and building relevant security dashboards, trends and metrics as needed for the leadership team to track and communicate performance, coverage, risks and compliance
You will be a great fit if you have:
- B.S. degree in Computer Science or related field or equivalent combination of professional development training and experience
- 5+ years of previous experience working in security threat detection, hunt teams, or incident response, triaging cyber security alerts, events, incidents – AWS or GCP experience required
- Excellent understanding and ability to investigate threat campaign(s) techniques, lateral movements, C&C communications, and indicators of compromise (IOCs)
- At least 3+ years of hands-on experience in a SIEM (Sumologic preferred) is a must - searching and querying of raw logs, tuning of events and alerts, analysis and investigation of alerts, and writing content and correlation rules
- Minimum 5 years of experience in security analytics, correlation, tuning, analyzing and investigating alerts from multiple security tools, Network Packet Analyzers, Log Analysis (Windows, Linux, Web / LB, AWS CloudTrail / GuardDuty, GCP Security Command Center etc.)
- Familiarity with at least one public Cloud platform (AWS or GCP) with working knowledge of IaaS platforms and services (VPC, EC2/Compute, EKS/GKE, S3/Cloud Storage, RDS/Cloud SQL, GuardDuty/ Security Command Center, etc.)
- Experience developing operations playbooks, IR run books, security orchestration and automated responses and processes within SOC
- Thorough understanding of the threat and attack landscape in networks and web applications, latest security attack vectors, MITRE ATT&CK Framework and Cyber Kill Chain and how they can be used in detection and prevention
- Security certifications like CISSP, CEH, OSCP, GSEC, GCFA, GCIH, GCIA, CHFI, AWS certification etc. are highly desired
You excel in these key competencies:
- Excellent verbal and written communication skills and ability to document and explain technical details and incident reports clearly and concisely
- Agility and willingness to deal with a high level of ambiguity, change, and pressures of high-profile incidents
- Flexibility—willingness to pitch in where needed across program and team
- Strong leadership, influence, and teamwork skills; sound problem resolution, judgment, negotiating, and decision-making skills
- Solid skills of cloud solutions and security best practices for operating in the cloud
- Strong knowledge of industry standards, vulnerability classifications, and attack vectors
- Experience working effectively with global teams in multiple time zones
Why Automation Anywhere?
At our company each person brings their unique talents to work as a team and make a difference. As the leader in Robotic Process Automation (RPA), we provide a very compelling product where our teams are breaking new ground every day and given an environment to grow their skills and have fun along the way. Our technology is the game changer, and our people give us the edge to better our world and go be great!
Automation Anywhere is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
**All unsolicited resumes submitted to any @automationanywhere.com email address without HR/Recruiting approval, whether submitted by an individual or by an agency, will not be eligible for an agency fee.
Back to top