Minimum 3 years of experience with deployment and maintenance of enterprise EDR solutions like CrowdStrike Falcon or Carbon Black.
Strong understanding of cybersecurity principles, intrusion detection, and incident response methodologies.
Experience managing large-scale security environments with 15,000+ endpoints.
Professional certifications such as CISSP, GCIH, or CrowdStrike Certified Falcon Hunter are preferred.
Requirements:
Deploy, operate, and maintain the global EDR platform.
Support security teams by providing insights and adjustments to EDR tools.
Lead and oversee EDR deployment projects and optimize security solutions.
Collaborate with cross-functional teams to enhance cybersecurity posture.
Job description
Hello Everyone,
We're actively hiring candidates with experience in Cyber Security with SIEM, SOAR, SOC and any EDR tool (such as CrowdStrike Falcon, Symantec, Carbon Black, SentinelOne, FireEye, Microsoft Defender, Bitdefender, or any other EDR).
Apply Now! Share your resume at inshita@intuitiveapps.com
Job Description
The candidate should have a team-oriented, client-facing mindset with proven experience conducting EDR infrastructure deployments. Use deep insights to identify, recommend and execute resolution for malware and other EDR-detected incidents while helping to develop and execute methodologies for EDR deployment, feature enablement and technical integration in a SOC.
As an Endpoint Detection and Response (EDR) SME, the candidate will play a key role in supporting the design, deployment, configuration, optimization, and operation of a large-scale Endpoint Detection and Response (EDR) deployment solution or similar security products, across multiple geographies.
The candidate shall be responsible for managing day-to-day operations of security device management (SIEM), incident response, threat hunting, use case engineering, SOC analysis, and device integration with SIEM. Also responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets, ensuring the integrity of the environment.
Qualifications
Experience in a cybersecurity role in a large size enterprise
Excellent analytical and problem-solving skills with attention to detail
Experience with deployment of an EDR solution in a large customer environment, including 15k+ endpoints
Knowledge of intrusion detection methodologies and techniques for detecting host and network based intrusions
Experience with providing status reports, including metrics and KPIs, for team activities
Knowledge of network security architecture concepts including topology, protocols, components, and principles
Knowledge of various enterprise operating system (OS) configurations and management tools for use during deployment, configuration, and management of EDR solutions
3+ years of experience with deployment, configuration, or maintenance of supporting enterprise EDR solutions, including Carbon Black EDR, CrowdStrike Falcon (is a plus), SentinelOne, FireEye HX, McAfee, Tanium, etc.
3+ years of experience with performing systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users
3+ years of experience in EDR and/or AV; previous work in a malware and attack analysis, research, investigation, and response role, performing forensic analysis of logs and packet captures to identify malicious artifacts
2+ years of experience in working with a Security Operations Center (SOC) environment, leveraging EDR tools to support incident response, vulnerability scanning, threat hunting, network monitoring and log management, and compliance management activities
3+ years of experience with a solid understanding of the TCP/IP protocol suite, security architecture, and common TTPs (tactics, techniques, and procedures) used by threat actors
Experience in performing and analyzing both log and packet data to perform incident response in a SIEM environment (Splunk, NetWitness, Azure Sentinel, etc.) and identify potential compromises to customer networks.
Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems
Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers
Experience using ticketing systems for tracking (WebHelpDesk, Remedy, OpsConsole, ServiceNow, etc.)
Candidate must possess at least one applicable professional/technical certification, such as Security+, C|EH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM, CrowdStrike Certified Falcon Hunter, Responder, Administrator, or CISA
Experience in automation/orchestration technologies, such as SOAR, Ansible, Puppet, Chef
Experience in coding languages, such as Python, PowerShell, Perl, C/C++, Java, etc.
Unix/Linux, Red Hat, and Windows administration
Skills Required
Project and delivery management experience
3+ years EDR administration (CrowdStrike Falcon, VMware Carbon Black, Palo Alto Networks Cortex XDR, Microsoft Windows Defender, Cylance, Tanium, etc.)
3 + years of working with EDR tools performing requirements gathering, deployment, configuration, and conducting threat hunting
5+ years working with operational information security disciplines (e.g. incident response, security infrastructure management, or monitoring services)
3+ years security tool engineering and administration (e.g. NGAV, EPP, EDR, SIEM, SOAR, UEBA, Deception, Attack Surface Management, etc.)
Some of the following EDR experience:
Agent deployment, health check and coverage sustainability
Threat Hunting
Systems integration
Comparing vendor functionality
Mapping EDR capabilities to threat scenarios
Deploying EDR in a multi-agent (i.e. AV, NGAV) environment
Deep understanding and proven experience in Cybersecurity Operations (Monitoring, Detection, Incident Response, Forensics)
Personal skills:
Good team player
Positive and learning attitude
Good verbal and written communication skills
Sense of ownership, prioritization, and autonomy
Ability to travel up to 50% of the time
Roles & Responsibilities
As an Endpoint Detection and Response (EDR) Tools Engineer, the candidate will be part of the Cybersecurity team responsible for deploying, operating, and maintaining the global EDR platform. The candidate will provide support for EDR tools in the environment. The candidate must be able to communicate with the Security Operations and Incident Response teams to identify adjustments and modifications to be made to the EDR toolset. As the most senior EDR tools engineer, the candidate must be able to lead by example to drive progress forward.
Lead and oversee deployment, operation, and maintenance of the global EDR platform
Provide support response to other security teams in respect to the EDR platform
Identify adjustments and modifications for configuration
Identify new opportunities for tools to incorporate into the EDR platform
Work with cross-functional teams to identify the right mix of processes and technology to implement solutions that support the needs of internal and external customers.
Continually work on the optimization of EDR and integrated solutions, including refinement of the data produced, development of automated workflows or playbooks, and integration of the EDR data with complementary security solutions, including SIEM, SOAR, etc.
Establish technical processes and tools focused on the incident response lifecycle: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.
Work to integrate cybersecurity data using enterprise or custom data aggregation and analysis tools, including Splunk and similar complementary security solutions.
Manage projects to completion both individually and in a group as well as mentoring others and orchestrating team efforts for problem solving
Serve as an escalation point to triage and remediate security events in a SOC environment by leveraging data collected from security solutions.
Provide support in an operations and maintenance role, including ticket work, information updates, issue responses, and remediation.
Provide content on deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials
Collaborate and consult with peers, colleagues, and managers, etc. to resolve issues and achieve goals
General SIEM monitoring, analysis, content development, and maintenance.
Daily security activities related to the protection of corporate and other federal assets, including use of scanning tools and ticketing systems to document the identification and remediation process for identified system flaws
Provide information to system owners on flaws identified within that group's responsible systems.
Assist in risk assessment duties including reporting and oversight of remediation efforts
Research, analysis, and response for alerts; including log retrieval and documentation.
Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas:
Server Operating Systems (Windows Server, Red Hat, CentOS)
Network (Cisco, Fortinet, Palo Alto, F5, McAfee)
Storage (NetApp, CleverSafe)
Manage multiple projects with various priority levels and timelines from start to finish
Develop and maintain accurate documentation for internal procedures and services
Maintain knowledge of outstanding vulnerability management issues and ensure remediation is completed within the timelines required by guidelines
Thorough understanding of how to calculate CVSS v2 and v3 adjusted scores
Must collaborate with other departments to resolve complex issues and be detail oriented