Job Description:
As a Senior Incident Response (IR) Specialist focused on AWS, you will lead cloud security investigations, containment, and remediation efforts across complex environments. You will design and implement advanced detection and monitoring strategies, drive automation to strengthen AWS security posture, and collaborate with cross-functional teams to resolve incidents swiftly.
Responsibilities:
• Lead response to complex, high-impact security incidents in AWS, including unauthorized access, data breaches, malware infections, DDoS attacks, phishing, APTs, zero-day exploits, and cloud misconfigurations.
• Perform in-depth analysis of security incidents, including advanced log analysis, digital forensic investigation, and root cause analysis.
• Develop and implement containment, eradication, and recovery plans for complex security incidents, minimizing disruption and improving security posture.
• Coordinate with internal and external stakeholders during incident response activities.
• Document incident details, analysis findings, and remediation actions, including detailed forensic reports and security posture assessments.
• Identify and recommend security improvements to prevent future incidents and enhance cloud security posture, including:
    ◦ AWS security best practices
    ◦ Security tool implementation and configuration (with a focus on CSPM tools)
    ◦ Vulnerability management
    ◦ Security awareness training
    ◦ Threat hunting strategies
    ◦ Security architecture enhancements
    ◦ CSPM implementation and optimization
• Develop and maintain AWS-specific incident response plans, playbooks, and procedures, emphasizing automation, orchestration, and continuous security posture improvement.
• Stay current on cloud security, digital forensics, and cloud security posture management.
• Mentor junior security analysts in incident response and security posture management.
• Participate in on-call rotation, providing expert-level support and guidance on security posture.
• Develop and deliver training on incident response, forensic best practices, and cloud security posture management.
• Conduct proactive threat hunting and security posture assessments.
• Contribute to the development of security tools and automation to improve incident response efficiency, effectiveness, and security posture.
About SHQ:
SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ – We’re focused on engineering cybersecurity, by design.