Key Responsibilities and Required Skills for Cloud Security Analyst
💰 $90,000 - $150,000
🎯 Role Definition
We are seeking an experienced Cloud Security Analyst to join a growing security organization and drive proactive cloud risk reduction across public cloud environments (AWS, Azure, GCP). The Cloud Security Analyst will own cloud security monitoring, vulnerability management, identity and access governance, secure infrastructure-as-code validation, and incident detection/response for containerized and serverless workloads. This role partners with engineering, DevOps, product, and compliance teams to embed security into the software development lifecycle (SDLC) and cloud operations using automation, policy-as-code, and modern cloud security tooling (CSPM, CWPP, CASB, SIEM).
Primary mission: reduce business risk, enable rapid secure cloud deployments, detect and remediate threats, and continuously improve the cloud security posture by applying best practices (CIS benchmarks, NIST, MITRE ATT&CK) and cloud-native controls.
📈 Career Progression
Typical Career Path
Entry Point From:
- Information Security Analyst with cloud exposure
- Cloud Engineer or DevOps Engineer with security focus
- SOC Analyst or Incident Responder with cloud monitoring experience
Advancement To:
- Senior Cloud Security Analyst / Cloud Security Engineer
- Cloud Security Architect
- Manager, Cloud Security / Head of Cloud Security
- Director of Security Operations or Cloud Risk
Lateral Moves:
- DevSecOps Engineer
- Cloud Infrastructure Engineer
- Compliance & Risk Analyst (cloud-focused)
Core Responsibilities
Primary Functions
- Design, implement and continuously improve cloud security monitoring and detection capabilities across AWS, Azure, and GCP, including building detection rules, playbooks, and alerts in the SIEM to identify suspicious activity and cloud misconfigurations.
- Conduct cloud-native threat hunting and incident investigations using logs, traces, VPC flow data, CloudTrail, Azure Monitor, GCP Cloud Audit Logs and endpoint telemetry; triage findings and work with engineering teams to perform root cause analysis and remediation.
- Lead cloud security posture management (CSPM) operations: assess, prioritize and remediate misconfigurations and drift against CIS benchmarks, organizational baselines, and compliance frameworks (PCI, HIPAA, SOC2, NIST).
- Implement and maintain identity and access management (IAM) controls, role-based access, least privilege policies, and cross-account trust models; perform periodic access reviews and automate remediation for overly permissive roles and policies.
- Manage vulnerability scanning and cloud workload protection (CWPP) for VMs, containers, and serverless functions; validate pipeline-integrated scanning and coordinate remediation with application and platform teams.
- Perform secure Infrastructure-as-Code (IaC) reviews and integrate static and dynamic IaC scanning (Terraform, CloudFormation, ARM templates) into CI/CD pipelines to detect secrets, insecure defaults, and drift before deployment.
- Build and maintain automation scripts and runbooks (Terraform, Python, Bash) to apply repeatable security configurations, enforce guardrails, and remediate high-priority risks at scale.
- Configure and operate cloud-native and third-party security tooling: AWS Security Hub, Azure Security Center/Microsoft Defender for Cloud, GCP Security Command Center, Prisma Cloud, Dome9, Lacework, Tenable.io, Qualys.
- Develop, maintain and test incident response playbooks specific to cloud incidents (compromised identities, exposed S3 buckets, container escapes, lateral movement) and lead remediation during security incidents involving cloud assets.
- Partner with DevOps/Platform teams to design secure network architecture (VPCs, subnets, NSGs, routing, security groups), segmentation, and transit models that minimize blast radius while supporting scale and automation.
- Evaluate and implement runtime container and Kubernetes security controls (pod security policies, network policies, image scanning, admission controllers) and integrate container security into the CI/CD pipeline.
- Perform cloud risk assessments, threat modeling and security reviews of new cloud services, third-party SaaS, and integrations; provide security guidance and approve or reject recommendations for new architectures.
- Create and maintain security metrics, dashboards, and executive reports to measure cloud security posture, mean time to detect (MTTD), mean time to remediate (MTTR), and program effectiveness.
- Drive policy-as-code and guardrail implementation using frameworks and tools (OPA, Gatekeeper, AWS Config Rules, Azure Policy) to prevent insecure resource creation and enforce compliance continuously.
- Coordinate penetration tests, purple team exercises and red team assessments focused on cloud attack paths; validate findings and manage remediation verification.
- Conduct vendor security assessments and third-party risk evaluations for cloud service providers and SaaS integrations, ensuring encryption, data residency, and contract-level security requirements are met.
- Advise product teams on encryption at rest/in transit, key management (AWS KMS, Azure Key Vault, GCP KMS), secrets management (HashiCorp Vault, AWS Secrets Manager) and secure key rotation practices.
- Support data protection initiatives by classifying cloud-hosted data, applying data loss prevention (DLP) controls, and ensuring sensitive data is stored and processed in accordance with regulatory requirements.
- Create and deliver cloud security training, runbooks and documentation for engineering and operations teams to raise security awareness, improve secure coding practices, and reduce friction for secure deployments.
- Maintain awareness of emerging cloud threats, vulnerabilities, and attack techniques (supply chain attacks, container escapes, IAM exploitation) and translate these into actionable improvements to detection and prevention.
- Lead remediation coordination for prioritized cloud security findings, driving cross-functional working groups and tracking closure to reduce organizational risk.
- Audit and validate network egress/ingress rules, firewall configurations, and API gateway policies to reduce exposure to internet-facing services and unapproved data exfiltration.
- Design and validate multi-account/cloud tenancy security controls, including centralized logging, cross-account alerting, and delegated administration models that support secure scale.
- Implement and govern encryption and secure configuration of serverless and managed database services (RDS, DynamoDB, CosmosDB, BigQuery) and ensure backups and snapshots are secured and auditable.
Secondary Functions
- Support ad-hoc data requests and exploratory data analysis.
- Contribute to the organization's data strategy and roadmap.
- Collaborate with business units to translate data needs into engineering requirements.
- Participate in sprint planning and agile ceremonies within the data engineering team.
- Provide subject matter expertise for cloud security features requested by product teams and during architecture review boards.
- Assist in the creation and maintenance of standard operating procedures (SOPs), onboarding guides, and security checklists for cloud teams.
- Mentor junior analysts and help scale operational playbooks, detection content, and automation patterns across the security organization.
Required Skills & Competencies
Hard Skills (Technical)
- Deep experience with public cloud platforms (AWS, Azure, and/or GCP), including their native security services (CloudTrail, GuardDuty, Security Hub, Azure Defender, GCP SCC).
- Strong Identity & Access Management (IAM) knowledge: roles, policies, trust relationships, federated SSO (SAML/OIDC), and least-privilege enforcement.
- Hands-on experience with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) such as Prisma Cloud, Dome9, Lacework, Aqua, or Twistlock.
- Practical knowledge of SIEM and log aggregation platforms (Splunk, Elastic Stack, Sumo Logic, Microsoft Sentinel) and ability to author detection rules and parsers.
- Strong IaC experience: review and secure Terraform, CloudFormation, ARM templates; integrate static IaC scanning tools (Checkov, tfsec, Snyk IaC).
- Container and Kubernetes security experience: admission controllers, image scanning (Clair/Trivy), runtime monitoring, RBAC and network policies.
- Vulnerability management skills for cloud assets, including runtime workloads, container images, and serverless functions; experience using Tenable, Qualys, or similar.
- Scripting and automation: proficient in Python, Bash and PowerShell, and in using automation frameworks (Terraform, Ansible) to codify security controls.
- Network security and cloud networking: VPC design, security groups, NACLs, transit gateways, VPNs, service meshes, and secure peering patterns.
- Incident response and digital forensics skills for cloud-native artifacts and logs; ability to capture evidence and lead containment.
- Knowledge of encryption, key management, secrets management tools and best practices (AWS KMS, Azure Key Vault, GCP KMS, HashiCorp Vault).
- Familiarity with compliance frameworks and standards: NIST, CIS, PCI-DSS, HIPAA, SOC2 — and translating controls into cloud configurations.
- Experience with policy-as-code and runtime enforcement tools: OPA/Gatekeeper, AWS Config Rules, Azure Policy.
- Exposure to DevSecOps practices and integrating security into CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI).
- Understanding of attack techniques and frameworks such as MITRE ATT&CK and cloud-specific adversary behaviors.
Soft Skills
- Clear and persuasive written and verbal communication — able to explain technical risk to executives and engineers.
- Strong analytical and problem-solving mindset; comfortable working with noisy telemetry and incomplete data to build detections.
- Collaboration and stakeholder management — ability to drive cross-functional remediation and influence without direct authority.
- Project management and prioritization skills — balancing operational tasks, risk reduction projects, and incident response.
- Attention to detail and strong documentation habits — creating repeatable runbooks and reproducible automation.
- Continuous learning mindset — keeps current with cloud security trends, new services, and emerging threats.
- Customer-first orientation — enabling teams to ship securely with minimal friction.
- Teaching and mentoring capability to raise cloud security maturity across engineering teams.
Education & Experience
Educational Background
Minimum Education:
- Bachelor's degree in Computer Science, Information Security, Information Systems, Cybersecurity, or equivalent practical experience.
Preferred Education:
- Master's degree in Cybersecurity, Information Systems, or related field OR relevant professional certifications (see below).
Relevant Fields of Study:
- Computer Science
- Information Security / Cybersecurity
- Cloud Computing
- Software Engineering
- Information Systems
Experience Requirements
Typical Experience Range:
- 2–5 years in cloud security, security operations, DevSecOps, or cloud engineering roles with hands-on responsibility for cloud security controls.
Preferred:
- 5+ years of progressive experience securing production cloud environments and demonstrated experience building detection, automation, and governance at scale.
- Preferred certifications: AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, CISSP, CCSP, or relevant GIAC certifications (e.g., GCIH, GCIA).
- Proven track record of working with cross-functional engineering teams and leading incident response for cloud-based incidents.