Senior Incident Responder – Cloud Security (AWS)

Job Description : As a Senior Incident Response (IR) Specialist focused on AWS, you will lead cloud security investigations, containment, and remediation efforts across complex environments. You will design and implement advanced detection and monitoring strategies, drive automation to strengthen AWS security posture, and collaborate with cross‑functional teams to resolve incidents swiftly.

Responsibilities : • Lead response to complex, high-impact security incidents in AWS, including unauthorized access, data breaches, malware infections, DDoS attacks, phishing, APTs, zero-day exploits, and cloud misconfigurations. • Perform in-depth analysis of security incidents, including advanced log analysis, digital forensic investigation, and root cause analysis. • Develop and implement containment, eradication, and recovery plans for complex security incidents, minimizing disruption and improving security posture. • Coordinate with internal and external stakeholders during incident response activities. • Document incident details, analysis findings, and remediation actions, including detailed forensic reports and security posture assessments. • Identify and recommend security improvements to prevent future incidents and enhance cloud security posture, including: • AWS security best practices • Security tool implementation and configuration (with a focus on CSPM tools) • Vulnerability management • Security awareness training • Threat hunting strategies • Security architecture enhancements • CSPM implementation and optimization • Develop and maintain AWS-specific incident response plans, playbooks, and procedures, emphasizing automation, orchestration, and continuous security posture improvement. • Stay current on cloud security, digital forensics, and cloud security posture management. • Mentor junior security analysts in incident response and security posture management. • Participate in on-call rotation, providing expert-level support and guidance on security posture. • Develop and deliver training on incident response, forensic best practices, and cloud security posture management. • Conduct proactive threat hunting and security posture assessments. • Contribute to the development of security tools and automation to improve incident response efficiency, effectiveness, and security posture.

About SHQ: SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ – We’re focused on engineering cybersecurity, by design.

Job Reference Number IN006

Essential Skills • Excellent communication and interpersonal skills, with the ability to convey highly technical information to technical and non-technical audiences, including executive leadership and legal counsel, regarding incident response and security posture. • Exceptional problem-solving and analytical skills; ability to remain calm, focused, and decisive under high-pressure situations, including those involving significant security posture deficiencies. • Ability to work independently, lead a team, and collaborate effectively to improve the organization’s security posture. • Expert-level understanding of AWS services, including: • EC2, S3, RDS, VPC, Lambda • CloudTrail, CloudWatch, Config, Security Hub, GuardDuty • IAM, KMS • AWS Organizations, AWS Control Tower • Extensive experience with SIEM systems (e.g., Datadog, Qradar, Azure Sentinel) in a cloud environment, with a focus on security posture monitoring. • Mastery of log analysis, network analysis, and digital forensic investigation techniques, including experience with specialized forensic tools (e.g., EnCase, FTK, Autopsy, Velociraptor) and CSPM tools. • Strong experience with scripting (e.g., Python, PowerShell) for automation, analysis, tool development, and security posture management. • Deep familiarity with security tools and technologies, including: • IDS/IPS • EDR • Vulnerability scanners • Firewalls • Network forensics tools • CSPM tools

Education Requirements & Experience • Master’s degree in Computer Science, Cybersecurity, or a related field. • AWS Security certifications (e.g., AWS Certified Security – Specialty). • Relevant security certifications (e.g., CISSP, GCIH, GCIA, GREM, GNFA, OSCP). • Experience leading incident response teams and security posture improvement initiatives. • Experience with cloud automation and orchestration (e.g., AWS Systems Manager, Lambda) for incident response and security posture management. • Knowledge of DevSecOps principles and practices, including security integration into CI/CD pipelines and infrastructure as code (IaC) security. • Experience with container security (e.g., Docker, Kubernetes) in AWS, including forensic analysis and security posture assessment. • Experience with reverse engineering and malware analysis, focused on identifying threats that impact cloud security posture.