Job Description

Cloud Security Specialist

Cloud Platform

Service/Tool

Scope

AWS

AWS Network Firewall and NGFW Components

1. Perform bi-annual rule review using Firewall Analyzer or manual methods to meet PCI DSS 4.0 compliance.

2. Define and review policy configurations and ensure compliance with signature updates for NGFW functions such as IPS, AV, APT, Antibot, Antimalware, IP Reputation, Application & URL Filtering, Threat Intelligence Integration, SSL Inspection, and patching.

3. Compliance oversight for AWS Network Firewall.

4. Monitor firewall events and incidents through the SIEM.

AWS

Endpoint Security Agent (Antimalware & EDR)

CrowdStrike

1. Administer EDR/AV platforms.

2. Conduct quarterly compliance reviews via Cybersecurity GRC.

3. Manage security incidents related to endpoint threats.

4. Provide support and troubleshooting for endpoint protection tools.

AWS

Security Event Monitoring (SIEM/SOC)

1. Manage one pair of AWS HF log forwarders integrated with the existing SIEM platform.

2. Monitor logs forwarded from AWS to Splunk SIEM for continuous threat visibility.

AWS

Patch Management

1. Conduct quarterly patch reviews for AWS servers/systems in collaboration with Cyber Defense and Compliance.

2. Apply and manage patches for cybersecurity-managed systems.

AWS

Asset Inventory Management

Maintain a current inventory of software and licenses used within AWS under Cybersecurity scope.

AWS

Cloud Security

1. Define and enforce cloud security policies and compliance requirements.

2. Govern and manage the dedicated security OU and centralized log management accounts through tools like AWS CloudWatch, CloudTrail, GuardDuty, S3, and AWS Security Hub for security-related events, alerts, and logs.

3. Onboard new and existing AWS accounts with GuardDuty, Security Hub, fine-tune policies, and monitor for threats.

4. Use Security Hub to evaluate compliance (e.g., CIS, NIST, PCI), follow up on findings, and ensure mitigation.

5. Administer AWS-native security tools including Security Hub, GuardDuty, Macie, Cloud Conformance Pack etc.

6. Governance and oversight of SCPs, guardrails, and compliance assurance through event monitoring.

7. Monitor and validate key and secret usage via AWS KMS and Secrets Manager, and through event monitoring.

8. Oversight of IAM policy, access audits, monitoring of events for non-compliance, and IAM posture management.

AWS

WAF & DDoS Protection

1. Manage cloud-native WAF and DDoS services.

2. Configure WAF rules, apply signature updates, and manage cloud-based WAF solution.

AWS

PAM

Integrate all cloud workloads and bastion hosts with PAM post handover, and manage the PAM infrastructure in the cloud.

AWS

Vulnerability Assessment & Penetration Testing (VAPT)

1. Perform vulnerability assessments for workloads and containers using CrowdStrike VA and CNAPP tools.

2. Review reports quarterly and ensure mitigation by coordinating with service/system owners.

3. Follow defined SLAs and remediation procedures for VAPT findings.

AWS

Audit Support

1. Assist with internal and external audits (e.g., ISMS, PCI, regulatory) related to cybersecurity scope.

2. Support audit readiness and evidence collection for all Cybersecurity-managed environments.

3. Act as liaison between audit stakeholders and Platform Owners.

AWS

Security Compliance

1. Conduct quarterly compliance checks via Cybersecurity GRC.

2. Share VAPT results and remediation actions for network, server, and system layers.

3. Remediate vulnerabilities, enforce security compliance, and resolve audit findings related to Cybersecurity managed devices/services.

4. Coordinate with Platform Owners for resolution tracking.

AWS + GCP + Azure

CrowdStrike CNAPP

1. CSPM: Cloud posture monitoring & compliance (e.g. CIS, NIST, PCI).

2. CWPP: Workload protection (VMs, containers, serverless)

3. CIEM: Identity & access monitoring

4. IaC Scanning: Secure code before deployment

5. Threat Detection: Real-time alerts & forensic support

6. Audit Support: Compliance reporting & evidence readiness

7. Cloud Governance: Secure onboarding, policy enforcement

8. Reporting: Dashboards, SLA tracking.

9. Review reports and ensure mitigation by coordinating with service/system owners.

Azure

Azure Native Cloud Security Tool

Microsoft Defender for Cloud:

1. Security posture management.

2. Threat detection for VMs, containers, databases, and cloud services

3. Regulatory compliance monitoring (CIS, NIST, PCI, etc.)

4. Alerts, recommendations, and remediation tracking.

5. Going forward, CrowdStrike CNAPP will cover this scope, but until migration is complete this tool will be used temporarily.

Azure Advisor:

1. Provide basic security and compliance assurance and recommendations based on this tool.

Review reports and ensure mitigation by coordinating with service/system owners.

Job ID: 143145077