Senior Cloud Security Specialist/ Lead

Employment Type: FULL TIME EMPLOYEE

Introduction
MetricStream offers an enterprise Governance Risk Compliance (GRC) software platform as a SaaS model, with
a full range of web-based, integrated applications to cover a variety of risk, quality, and compliance management
requirements.
MetricStream’s ConnectedGRC empower organizations to pursue an integrated approach to GRC and ensure
collaboration between risk, compliance, audit, cybersecurity and sustainability teams.
MetricStream is headquartered in San Jose, California with its R&D and Support office in Bengaluru, India.

The Role
We are looking at a Senior Cloud Security Specialist/ Cloud Security Lead to join MetricStream’s Information
Security team. The individual will be responsible for ensuring the security, compliance and resilience of
MetricStream’s Cloud infrastructure, systems, and services. The individual should focus primarily on leading the
development, implementation, and management of cloud security related controls, policies, procedures, and
controls to protect its data, systems, and assets. For this, the person will work on various security tools and
processes, collaborate with engineering functions and cross-functional teams, understand newer cloud
technologies and frameworks, adopt best practices, and provide training to identify, prevent and mitigate any
security, privacy or availability risks.

Key Responsibilities
 Managing the SIEM dashboard by monitoring events to triage, prioritize, investigate and escalate
incidents to the respective asset owners and operations team
 Optimize the SIEM system capabilities by managing the real-time rules, filters, active channels, and audit
and logging features of the event log sources
 Perform vulnerability analysis and reviews using the vulnerability scanning tool to create vulnerabilities
test reports
 Review any vulnerability or pen test reports generated by any 3 rd party reviews or scans
 Manage and monitor the Cloud host and malware protection application and report to Cloud operations
 Report identified vulnerabilities to respective functional owners and track the mitigation process
 Understand any vulnerability or 0-day advisory reported by CERT, OEMs or customers and manage the
mitigation across teams
 Review and approve any access related requests from business and external entities to Cloud assets
 Perform security related activities during provisioning or termination of Cloud production servers
 Support any compliance or third-party audits for Cloud security areas
 Respond to any risk or due diligence questionnaires related to Cloud Security from customers or partners
 Perform periodic Cloud Provider due-diligence activities and cloud vendor reviews
 Perform Cloud security risk assessments, design reviews and recommend mitigation steps
 Monitor Cloud-based security tools within AWS like Security Hub, Artifacts, Trusted Advisor, IAM, Guard
Duty, CloudTrail, etc.
 Review and update the Cloud security hardening policies based on industry standards or best practices
like CIS, NIST etc.
 Participate in incident response activities and provide guidance and support to remediate security
incidents or breaches
 Review the disaster recovery planning and periodic testing of the Cloud environment and applications

pg. 1 www.metricstream.com
  Work with Cloud and IT teams on implementation of new and review of existing technical controls,
policies, standards and guidelines
 Identify security processes that can be automated and build out these capabilities by working with the
stakeholders
 Review and manage documentation related to Cloud Security and Privacy policies, procedures,
processes and FAQs to protect the organization’s cloud infrastructure, services, and applications

Desired Skills
o Understand IT processes, systems, applications within an enterprise and the security controls
implemented to strengthen systems against any incidents, breaches or outages
o Assess security risks, identify vulnerabilities, and propose effective solutions to mitigate risks within cloud
environments
o Work with teams to analyze security incidents, review RCA and suggest steps to improve the controls
o Can collect, aggregate, synthesize, analyse and report on data from multiple sources and formats
o Commitment to correctness, efficiency, and attention to detail
o Strong problem solving, interpersonal, oral, and written communication skills
o Capable of working under pressure, multitasking, and thriving in a fast-paced, dynamic environment
o Receptive to feedback and open to constructive criticism for continuous improvement
o Ability to work swiftly and independently with minimal supervision
o Ability to take initiative and accountability for achieving results
o Knowledge of Cloud computing concepts and experience working on AWS or Azure services
o Knowledge of Cloud continuous monitoring solutions
o Knowledge of IT infrastructure areas such as servers (linux), networks (firewall, IDS-IPS, routers), proxies,
storage (backup, DR), end user computing, certificate mgmt., security applications etc.
o Knowledge of virtualization, hypervisors, and containerization (cloud or non-cloud) technologies
o Fair understanding of Software Development Lifecycle and Software deployment. processes
o Updates security, cloud, and IT infrastructure related knowledge and on emerging security tools and
trends

Education & Experience

 Bachelor’s Degree in engineering or IT; BTech, BE, MCA, MS IT etc
 Experience of 8-13 years in Cloud Security, Security assessments, IT operations, BCP-DR areas
 Expert knowledge of Microsoft Excel, Word, PowerPoint
 Working knowledge of industry best practices and standards like ISO 27001, CIS, NIST, HIPAA, ITIL etc.
 Experience with Public Cloud services
 Experience in working with multiple security tools like SIEM, SOAR, XDR, VA scanners, CSPM, CASP etc
 Experience with Identity and Access management tools and techniques
 Experience with Cloud or IT Infrastructure related Security and Operations processes and policies
 Experience in working with vendors, partner or contract staff
 Security certifications such as CEH, SSCP, CCSP, CCSK, CISSP, GCLD, GPCS and/or vendor-specific cloud
certifications from AWS, Azure etc.

pg. 2 www.metricstream.com