Primary Responsibilities
- Lead, manage, and understand the entire endpoint security lifecycle: obtain visibility, minimize the attack surface, prevent and detect threats, investigate and respond, and remediate
- Deploy, configure, operate, monitor, tune, upgrade, and troubleshoot endpoint security tools
- Collaborate with, guide, and assist engineering in deploying and centralizing the approved endpoint security solutions across multiple FISMA systems
- Use approved tools to scan for, identify, contain, mitigate, and remediate vulnerabilities and intrusions
- Coordinate with engineering to develop and implement plans to apply patches, hotfixes, and other critical updates as needed
- Build queries, dashboards, and reports for enterprise and leadership awareness
- Work with technical support staff to troubleshoot endpoint tool issues and outages
- Develop and maintain policies and tasks for all related endpoint products
- Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools
- Perform analyses to validate established security requirements and recommend additional security requirements and safeguards
- Research, evaluate, and recommend new security tools, techniques, and technologies, and introduce them to the enterprise in alignment with the IT security strategy
Basic Qualifications
- BS degree in Science, Technology, Engineering, Math or related field and 4+ years of prior relevant experience with a focus on cybersecurity. Additional experience may be considered in lieu of a degree.
- Strong foundational security knowledge, specifically in large and complex organizations
- Prior experience deploying and managing advanced endpoint security solutions, both Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR), e.g. McAfee MVISION, CrowdStrike, Carbon Black, Microsoft Defender, Sophos, SentinelOne
- Prior experience implementing and maintaining CyberArk.
- Understanding of the current security threat landscape and attack techniques on endpoints.
- At least one of the following certifications:
  - SANS: GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON
  - Offensive Security: OSCP, OSCE, OSWP, OSEE
  - ISC2: CCFP, CISSP
  - EC-Council: CEH, CHFI, LPT, ECSA, ECIH
- A desire to learn, combined with a collaborative work style and strong personal work ethic
- Strong communication and presentation skills, both verbal and written
- Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program
Required Education/Experience
BS degree in Science, Technology, Engineering, Math or related field and 10-12 years of prior relevant experience with a focus on cybersecurity, OR a Master's degree with 8-10 years of prior relevant experience.
Required Certifications
CCIE Security
Cisco Certified Network Professional (CCNP)
CCNP Security
CCSP – Certified Cloud Security Professional
CEH – Certified Ethical Hacker
Certified Data Administrator Professional
Certified Implementation Engineer Specialist
Splunk Certified Architect
Certified Storage Associate
CISSP – Certified Information Systems Security Professional
CompTIA Advanced Security Practitioner (CASP)
Converged Infrastructure Specialist
CSSLP – Certified Secure Software Lifecycle Professional
ECSP – EC-Council Certified Secure Programmer
GCIH – Incident Handler
GCWN – Windows Security Administrator
GICSP – Global Industrial Cyber Security Professional
GISF – Security Fundamentals
GISP – Security Professional
GSSP – Secure Software Programmer
MCSE – Microsoft Certified Solutions Expert (Server)
RHCA
RHCE
SEI (Software Engineering Institute)
SSCP – Systems Security Certified Practitioner
VCA (Certified Associate)
VCAP (Certified Advanced Professional)
VCDX (Certified Design Expert)
VCIX (Implementation Expert)
VCP (Certified Professional)
Preferred Qualifications
- Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter)
- Direct support of SOC analysts and/or experience working in a SOC is a plus
- Familiarity with frameworks such as MITRE ATT&CK is a plus
- Knowledge of how to create and implement custom signatures to detect attack behaviors and patterns, e.g. Indicators of Attack (IOA) detection rules
- Experience triaging and investigating hosts through EDR and EPP solutions