· The candidate should have a team-oriented, client-facing mindset with proven experience conducting EDR infrastructure deployments. Use deep insights to identify, recommend and execute resolution for malware and other EDR-detected incidents while helping to develop and execute methodologies for EDR deployment, feature enablement and technical integration in a SOC.
· As an Endpoint Detection and Response (EDR) SME, the candidate will play a key role in supporting the design, deployment, configuration, optimization, and operation of a large-scale Endpoint Detection and Response (EDR) deployment solution or similar security products, across multiple geographies.
· The candidate shall be responsible for managing day-to-day operations of security device management, SIEM, incident response, threat hunting, use-case engineering, SOC analysis, and device integration with SIEM. Also responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets, ensuring the integrity of the environment.
Skills Required
· Project and delivery management experience; 3+ years EDR administration (CrowdStrike Falcon, VMware Carbon Black, Palo Alto Networks Cortex XDR, Microsoft Windows Defender, Cylance, Tanium etc.)
· 3+ years of working with EDR tools performing requirements gathering, deployment, configuration, and conducting threat hunting
· 5+ years working with operational information security disciplines (e.g. incident response, security infrastructure management, or monitoring services)
· 3+ years security tool engineering and administration (e.g. NGAV, EPP, EDR, SIEM, SOAR, UEBA, Deception, Attack Surface Management, etc.)
· Some of the following EDR experience:
· Agent deployment, health check and coverage sustainability
· Threat Hunting
· Systems integration
· Comparing vendor functionality
· Mapping EDR capabilities to threat scenarios
· Deploying EDR in a multi-agent (i.e. AV, NGAV) environment
· Deep understanding and proven experience in Cybersecurity Operations (Monitoring, Detection, Incident Response, Forensics)
Personal skills:
· Good Team player
· Positive and learning attitude
· Good Verbal and Written communication skills
· Sense of ownership, prioritization and autonomy
· Ability to travel up to 50% of the time
Roles & Responsibilities
· As an Endpoint Detection and Response (EDR) Tools Engineer, the candidate will be part of the Cybersecurity team responsible for deploying, operating, and maintaining the global EDR platform. The candidate will provide support for EDR tools in the environment. The candidate must be able to communicate with the Security Operations and Incident Response teams to identify adjustments and modifications to be made to the EDR toolset. As the most senior EDR tools engineer, the candidate must be able to lead by example to drive progress forward.
· Lead and oversee deployment, operation, and maintenance of the global EDR platform
· Provide support response to other security teams in respect to the EDR platform
· Identify adjustments and modifications for configuration
· Identify new opportunities for tools to incorporate into the EDR platform
· Work with cross-functional teams to identify the right mix of processes and technology to implement solutions to support the needs of internal and external customers.
· Continually work on the optimization of EDR and integrated solutions, including refinement of the data produced, development of automated workflows or playbooks, and integration of the EDR data with complementary security solutions, including SIEM, SOAR, etc.
· Establish technical processes and tools focused on the incident response lifecycle: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.
· Work to integrate cybersecurity data using enterprise or custom data aggregation and analysis tools, including Splunk and similar complementary security solutions.
· Manage projects to completion both individually and in a group as well as mentoring others and orchestrating team efforts for problem solving
· Serve as an escalation point to triage and remediate security events in a SOC environment by leveraging data collected from security solutions.
· Provide support in an operations and maintenance role, including ticket work, information updates, issue responses, and remediation.
· Provide content on deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials
· Collaborate and consult with peers, colleagues, and managers, etc. to resolve issues and achieve goals
· General SIEM monitoring, analysis, content development, and maintenance.
· Daily security activities related to the protection of corporate and other federal assets including scanning tools and ticketing systems documenting the identification and remediation process for identified system flaws
· Provide information to system owners of flaws identified within that group's responsible systems.
· Assist in risk assessment duties including reporting and oversight of remediation efforts
· Research, analysis, and response for alerts; including log retrieval and documentation.
· Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
· Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
· Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas:
· Server Operating Systems (Windows Server, Red Hat, CentOS)