Title: Cloud - IT Security AnalystDuration: Long TermLocation: Cary NC (onsite) Responsibilities: Hands on experience on security testing tools, such as Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Qualys, Web Inspect or other tools included within the Kali Linux distribution Handling support of PC and Mac based users with security related problems Experience in security assessment activities within a clients environment, emphasizing manual stealthy testing techniques using commercially / freely available offensive security tools and utilities built into operating systems. Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing. Good understanding of cloud technologies and its security best practices Handling security incidents as reported by individuals and automated systems on laptops and mobile devices Fine-tune WAF policies and configurations to optimize security while minimizing false positives. Configure, deploy, and maintain Web Application Firewalls (WAF) in production and development environments. Coordinating investigations and reporting of security incidents related to Network, Systems and applications Coordinate and execute IT security projects for Arista at multiple locations Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises (including SAAS and IAAS) Monitoring system compliance with the IT framework for controls and levels of access; recommending improvements Collaborate with other groups inside Arista to manage security vulnerabilities and help manage risks Administer security-dedicated systems (Software, Firewall management, EDR, NDR, log collection, reporting , analytics, Cloud Security consoles) as appropriate Experience with CSPM tools such as WIZ,Lacework ,Google Security Command Center. Terraform, CloudFormation, Forseti and other similar tools experience is highly desired Conduct and collaborate on laptop and server forensics as well as Cloud / Service Provider forensics with the global security team Perform other related duties as assigned. Qualifications: Pogressive experience in computing and information security Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc Knowledge of Mitre ATT&CK framework preferred Good knowledge of security fundamentals, Networking protocols, TCP/IP stack, systems architecture, and operating systems Must have practical experience in Privacy Controls and implementing them in a corporate environment Expert knowledge is desired of laptop operating systems (MacOS, Windows and Linux) Proven project management experience a bonus - specifically experience in managing remote office configuration and bringing up and working with remote / off-site vendors Experience working in a large cloud or Internet software company Proven experience with CASB and Cloud based logging and SIEM solutions Business Application security analysis and practical experience is a plus (eg: SFDC, NS, SiSense) CISSP, GIAC or other security certifications desired. Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis. This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.