WHAT YOU DO AT AMD CHANGES EVERYTHING
We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world's most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.
AMD together we advance_
- Be a subject matter expert for cloud security and the SOC focal point for handling cloud security incidents, by providing guidance on industry best practices on detection and mitigation/remediation of cloud threats.
- Proactively identify issues and recommend configuration settings or supporting solutions to mitigate cloud security incidents.
- Collaborate with threat intelligence team to incorporate external threat intelligence into daily operations, enhancing detection capabilities.
- Threat hunting and forensic analysis. Where junior analysts follow defined scripts for defined threats, you will use sound DFIR methodology to creatively find new and unusual threats, and use malware analysis and endpoint/network/memory forensics to determine the reach of a threat identified by the front line.
- Incident handler with experience handling sensitive/need-to-know incidents. You will understand CSIRT best practices and the AMD incident response model, and will adapt both as appropriate to resolve specific incidents. You will coordinate with external teams to get the support needed for incident closure.
- Train junior analysts on incident response process and tasks. Constantly improve DFIR processes and procedures to improve speed and accuracy.
- Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually look for ways to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes.
- Propose and develop new use cases and playbooks/SOPs. You will propose and develop automation for recurring incidents and incident tasks, and will identify and onboard new datasources to support new threat detection and response use cases.
- Assist with operation, configuration, monitoring and tuning of an enterprise SIEM platform, including log collection specifications and infrastructure, and data source onboarding.
- Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, Corporate Investigations.
- Function as the SOC Shift Lead and be the escalation point for a global 24x7x365 SOC environment.
- Act as mentor and lead for other team members
IDEAL CANDIDATE WILL HAVE:
- 5+ years' experience as a SOC Analyst, or a Cloud Security Analyst with security scope, preferably in a large enterprise environment
- Strong conceptual and hands on knowledge of working in cloud security for any popular public cloud platforms like AWS, GCP, Azure
- Real time experience being part of cloud security incidents, coordinating with incident response teams to contain, mitigate, and recover from cloud threats.
- Ability to build and articulate hunt hypotheses based on observed patterns, anomalies, or known tactics, techniques, and procedures (TTPs) of threat actors.
- Experience developing adversary profiles groups based on Threat Intelligence data
- Experience in working with a geographically diverse team in multiple time zones around the globe
- Deep understanding of the ATT&CK matrix, with demonstrated experience building use cases and SOPs around the TTPs most relevant to your business.
- Proficient technical writing skills (documenting processes and procedures);
- Ability to solve problems and work through ambiguity and uncertainty;
- Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
- Proficiency with one or more SIEM query language
- Working knowledge of TCP/IP protocols, windows event logs, *nix audit logs, IDS alarms
- Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure
- Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
- Expert level understanding of common and emerging security threats and vulnerabilities
- Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast-moving industry.
- Industry security certifications such as CISSP and relevant GIAC certifications. At least one cloud security certification desired ( CCSP, CCSK, AWS Security Specialty, AZ 500)
- Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.
- Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.
Benefits offered are described: AMD benefits at a glance.
AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants' needs under the respective laws throughout all stages of the recruitment and selection process.
Apply on company website