Professional Documents
Culture Documents
Introduction
MetricStream offers an enterprise Governance Risk Compliance (GRC) software platform as a SaaS model, with
a full range of web-based, integrated applications to cover a variety of risk, quality, and compliance management
requirements.
MetricStream’s ConnectedGRC empower organizations to pursue an integrated approach to GRC and ensure
collaboration between risk, compliance, audit, cybersecurity and sustainability teams.
MetricStream is headquartered in San Jose, California with its R&D and Support office in Bengaluru, India.
The Role
We are looking at a Senior Cloud Security Specialist/ Cloud Security Lead to join MetricStream’s Information
Security team. The individual will be responsible for ensuring the security, compliance and resilience of
MetricStream’s Cloud infrastructure, systems, and services. The individual should focus primarily on leading the
development, implementation, and management of cloud security related controls, policies, procedures, and
controls to protect its data, systems, and assets. For this, the person will work on various security tools and
processes, collaborate with engineering functions and cross-functional teams, understand newer cloud
technologies and frameworks, adopt best practices, and provide training to identify, prevent and mitigate any
security, privacy or availability risks.
Key Responsibilities
Managing the SIEM dashboard by monitoring events to triage, prioritize, investigate and escalate
incidents to the respective asset owners and operations team
Optimize the SIEM system capabilities by managing the real-time rules, filters, active channels, and audit
and logging features of the event log sources
Perform vulnerability analysis and reviews using the vulnerability scanning tool to create vulnerabilities
test reports
Review any vulnerability or pen test reports generated by any 3 rd party reviews or scans
Manage and monitor the Cloud host and malware protection application and report to Cloud operations
Report identified vulnerabilities to respective functional owners and track the mitigation process
Understand any vulnerability or 0-day advisory reported by CERT, OEMs or customers and manage the
mitigation across teams
Review and approve any access related requests from business and external entities to Cloud assets
Perform security related activities during provisioning or termination of Cloud production servers
Support any compliance or third-party audits for Cloud security areas
Respond to any risk or due diligence questionnaires related to Cloud Security from customers or partners
Perform periodic Cloud Provider due-diligence activities and cloud vendor reviews
Perform Cloud security risk assessments, design reviews and recommend mitigation steps
Monitor Cloud-based security tools within AWS like Security Hub, Artifacts, Trusted Advisor, IAM, Guard
Duty, CloudTrail, etc.
Review and update the Cloud security hardening policies based on industry standards or best practices
like CIS, NIST etc.
Participate in incident response activities and provide guidance and support to remediate security
incidents or breaches
Review the disaster recovery planning and periodic testing of the Cloud environment and applications
pg. 1 www.metricstream.com
Work with Cloud and IT teams on implementation of new and review of existing technical controls,
policies, standards and guidelines
Identify security processes that can be automated and build out these capabilities by working with the
stakeholders
Review and manage documentation related to Cloud Security and Privacy policies, procedures,
processes and FAQs to protect the organization’s cloud infrastructure, services, and applications
Desired Skills
o Understand IT processes, systems, applications within an enterprise and the security controls
implemented to strengthen systems against any incidents, breaches or outages
o Assess security risks, identify vulnerabilities, and propose effective solutions to mitigate risks within cloud
environments
o Work with teams to analyze security incidents, review RCA and suggest steps to improve the controls
o Can collect, aggregate, synthesize, analyse and report on data from multiple sources and formats
o Commitment to correctness, efficiency, and attention to detail
o Strong problem solving, interpersonal, oral, and written communication skills
o Capable of working under pressure, multitasking, and thriving in a fast-paced, dynamic environment
o Receptive to feedback and open to constructive criticism for continuous improvement
o Ability to work swiftly and independently with minimal supervision
o Ability to take initiative and accountability for achieving results
o Knowledge of Cloud computing concepts and experience working on AWS or Azure services
o Knowledge of Cloud continuous monitoring solutions
o Knowledge of IT infrastructure areas such as servers (linux), networks (firewall, IDS-IPS, routers), proxies,
storage (backup, DR), end user computing, certificate mgmt., security applications etc.
o Knowledge of virtualization, hypervisors, and containerization (cloud or non-cloud) technologies
o Fair understanding of Software Development Lifecycle and Software deployment. processes
o Updates security, cloud, and IT infrastructure related knowledge and on emerging security tools and
trends
pg. 2 www.metricstream.com