About the Position:
The Cloud Security Operations analyst works in a multi-disciplinary team of teams driving cyber security services and solutions to enable Citi to securely adopt Microsoft Azure Active Directory (AAD) and Office 365 (O365). Our operating model emphasizes DevSecOps, that is, automation, integration, and agility based on Security as a Service / Security as Code concepts.
Act as a subject matter expert on Cloud cyber risks for AAD and O365.
Design, implement, and participate in the incident response processes specific to AAD and O365 deployments.
Implement security monitoring, including logging aggregation, correlation, and real-time alerting of security events and incidents.
Provide threat modeling and risk assessment services to characterize the risk and severity posture of AAD and O365 deployments.
Validate that system design/architecture meets compliance requirements.
Run Cloud Continuous Monitoring reporting/metrics governing all security compliance/hygiene issues/security best practices across the AAD/O365 ecosystem.
Recommend and implement security/compliance features for O365 tenants.
Effectively articulate technical security specifications, requirements, etc. through written and verbal communications to both technical and non-technical partners.
- Candidates should have knowledge of the tools and processes to provide operational security support to the Microsoft Azure Active Directory (AAD) and Office 365 (O365) ecosystem.
- Bachelor's Degree or equivalent work experience
- 5+ years of relevant experience
- Hands-on experience with Azure and O365 including setup, configuration, maintenance, and security best practices.
- Experience with Identity and Access Management, EMS, and security services; Azure AD, Azure AD Connect, SSO, InTune, ATP, AIP, etc.
- Experience with various log aggregation/data analytics tools, such as Splunk, Elasticsearch, etc.
- Understanding of the OSI model and the TCP/IP and DNS protocols.
- Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, pen testing, etc.)
- Strong understanding of security incident response processes.
- Excellent technical documentation skills.
- Proven analytical skills.
- Industry-accredited certifications will be required. Candidates with Azure/365 security certifications (e.g., Azure Security Engineer Associate, Microsoft 365 Certified Security Administrator Associate, etc.) and other security certifications (for example: OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, etc.) will be preferred.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.