ETIC, Cyber Security, Cloud Security Engineer Senior Associate

PricewaterhouseCoopers

overview:

• It involves examining the settings, configurations, and policies used in the IT environment, identifying potential security gaps and vulnerabilities, and recommending best practices to improve the security posture of the organization. The assets in scope can be (Network appliances, security appliances and popular operating systems such as Microsoft windows, Unix, and Linux), the reviewer is expected to look into configurations, setting as well as the man made rules such as firewall rules or access lists to check for any deviations.

Configuration review process:

• Validate the Scope: Confirm and validate the scope of the assessment, including the systems and devices to be reviewed, the types of configuration settings to be assessed, and any specific security policies and standards that apply.
• Prepare the Assessment Criteria or checklist: Develop assessment criteria and checklist based on vendor best practices, industry standards and applicable client policies and procedures. The standards can include frameworks such as CIS Controls or NIST Cybersecurity Framework.
• Conduct the Assessment: Conduct the assessment, reviewing the configurations of systems and devices against the assessment criteria. This can be done using automated tools, manual review, or a combination of both.
• Identify Findings: Identify any findings or deviations from the assessment criteria. This can include misconfigurations, missing patches, or insecure settings.
• Analyze Findings: Analyze the findings to determine their impact on the security posture of the organization. Prioritize the findings based on the risk they pose to the organization.
• Develop Recommendations: Develop recommendations for remediation of the findings, including specific actions to be taken and timelines for completion.
• Present Findings and Recommendations: Present the findings and recommendations to key stakeholders in the organization.

Overall, a configuration review assessment involves a thorough review of configurations against established criteria and checklist to identify potential security risks and develop recommendations for remediation.

Role requirements:
Good understanding and practical experience in infrastructure and Cloud platform security
Good understanding of Microsoft Sentinel and KQL
Experience and proven record of success in integrating custom connectors with Sentinel using APIs. If you have no direct experience with Sentinel, individuals with good developer skills will be considered
Experience with M365 Threat Protection technologies including Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud Apps
Experience with Azure Security technologies including Microsoft Defender for Cloud, Key Vault, Azure DDoS Protection, and other
Experience with Information Protection technologies such as Azure Information Protection, Windows Information Protection, and Data Loss Prevention
Hands-on experience establishing and configuring security controls for Microsoft Azure components (i.e. Defender for Cloud, Azure Firewall, Azure DDOS Protection, Azure Bastion and Sentinel)
Hands-on experience establishing and configuring security controls for Microsoft 365 components (i.e. Microsoft Purview, Defender for Cloud App, Endpoint, Identity and Vulnerability Management)
Hands-on experience establishing and configuring security controls for general security solution (i.e. Azure Active Directory, Azure Identity Protection and Azure RBAC)
Experience with compliance technologies including Advanced eDiscovery, Data Retention, and Insider Risk Management
Experience with Identity technologies including Azure Active Directory P1 & P2
Familiarity with a programming or scripting languages (esp. in KQL and PowerShell) is a plus
Familiarity with Power BI, Power Apps, or Power Automate is a plus

Knowledge of well-known SaaS technologies (i.e. SAP, Oracle) is a plus
At least 1 year of relevant work experience for Associate grade
At least 3 years of relevant work experience for Senior Associate grade
Open minded seeking innovative solutions
Ability to work within a fast-paced & unstructured environment
Ability to adapt to and communicate with different working styles
Ability to interact efficiently with senior members of the firm across multiple time zones

Essential skills & attributes:
Demonstrates extensive knowledge in infrastructure and cloud security
Experience in Consulting or in working within multinational environments
Excellent communication and presentation skills
High level of customer orientation and a convincing demeanour
Ability to work within a fast-paced & unstructured environment. Must be able to multi-task and effectively and continually prioritise
Excellent oral and written English skills. German language proficiency is a plus
Education
University degree, ideally in the fields of Computer and Information Science, Business Informatics, Computer Engineering, Cyber Security, Information Technology, Management Information Systems

The following Microsoft certifications are a significant plus:

• Azure Security Engineer Associate (AZ-500)
• Azure Solutions Architect Expert (AZ-303 or AZ-304 or AZ-405)
• Cybersecurity Architect Expert (SC-100)
• Security Operations Analyst Associated (SC-200)
• Identity and Access Administrator Associate (SC-300)
• Information Protection Administrator Associate (SC-400)