Herndon, VA (Hybrid)
Please find below:
Citizenship required; must be able to obtain a Secret clearance.
Comprehensive Network Detection and Response (NDR) Architect/Engineer Role Description
Role Overview
The Network Detection and Response (NDR) Architect/Engineer designs, implements, and maintains network-based detection and response capabilities. The role combines deep network expertise with current threat knowledge to protect the organization from sophisticated, network-borne attacks.
## Primary Objectives
- Enhance network visibility and threat detection capabilities
- Reduce mean time to detect (MTTD) and mean time to respond (MTTR) to security incidents
- Improve overall network security posture and resilience against cyber attacks
## Key Responsibilities
Solution Design and Implementation
- Architect comprehensive NDR solutions tailored to organizational needs
- Implement and configure NDR platforms like ExtraHop Reveal(x), Darktrace, or Vectra Cognito
- Integrate NDR solutions with existing security infrastructure (SIEM, SOAR, etc.)
- Design and implement network segmentation strategies to minimize attack surface
Network Traffic Analysis
- Analyze network traffic patterns to identify anomalies and potential threats
- Develop custom detection rules and algorithms for identifying sophisticated attacks
- Use the machine learning and AI capabilities of NDR tools for advanced threat detection, and validate their output against known-good and known-bad traffic
- Perform regular network behavior analysis to establish baselines and detect deviations
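The baselining and custom-rule work listed above, shown as an added illustration (this is not code from the posting or from any NDR vendor): a per-host baseline of daily outbound bytes and destination ports is built over constructed flow records, then applied to a new day to flag a volume spike and a destination port never seen from that host. Every host address, byte count, and field name below is a constructed assumption, loosely modelled on NetFlow/IPFIX fields.

```python
"""Baseline-and-deviation detection over flow records.

Added example, not code from the job posting or any NDR product. All flow
records are constructed inline; the record layout (day, src, dst, dport,
bytes_out) is an assumption for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline window: days 1-7, two internal hosts with stable
# daily patterns (SMB + HTTPS for .10, HTTPS + DNS for .11).
BASELINE_FLOWS = []
for day in range(1, 8):
    BASELINE_FLOWS += [
        (day, "10.0.1.10", "10.0.2.5", 445, 2_000_000 + 100_000 * (day % 3)),
        (day, "10.0.1.10", "10.0.2.20", 443, 500_000),
        (day, "10.0.1.11", "10.0.2.20", 443, 800_000 + 50_000 * (day % 2)),
        (day, "10.0.1.11", "10.0.2.53", 53, 20_000),
    ]

# Constructed evaluation window: day 8, with one host behaving normally and
# the other sending ~40 MB to an external address and opening RDP internally.
EVAL_FLOWS = [
    (8, "10.0.1.10", "10.0.2.5", 445, 2_100_000),
    (8, "10.0.1.10", "10.0.2.20", 443, 500_000),
    (8, "10.0.1.11", "10.0.2.20", 443, 850_000),
    (8, "10.0.1.11", "203.0.113.9", 443, 40_000_000),   # volume spike
    (8, "10.0.1.11", "10.0.2.5", 3389, 30_000),          # port never seen before
]


def daily_bytes(flows):
    """Total outbound bytes per (source host, day)."""
    totals = defaultdict(int)
    for day, src, _dst, _dport, nbytes in flows:
        totals[(src, day)] += nbytes
    return totals


def build_baseline(flows):
    """Per-source baseline: mean and population stdev of daily outbound
    bytes, plus the set of destination ports observed in the window."""
    per_src_days = defaultdict(list)
    for (src, _day), total in daily_bytes(flows).items():
        per_src_days[src].append(total)
    ports = defaultdict(set)
    for _day, src, _dst, dport, _nbytes in flows:
        ports[src].add(dport)
    return {
        src: {"mean": mean(v), "stdev": pstdev(v), "ports": ports[src]}
        for src, v in per_src_days.items()
    }


def detect(flows, baseline, z_threshold=3.0, min_stdev=50_000):
    """Return (host, rule, detail) tuples for flows deviating from baseline.

    Rule 1 flags a day whose outbound volume is more than z_threshold
    standard deviations above the host's mean. The stdev floor (min_stdev)
    stops hosts with near-constant traffic from alerting on trivial changes.
    Rule 2 flags any destination port the host never used during baselining.
    """
    alerts = []
    for (src, day), total in daily_bytes(flows).items():
        b = baseline.get(src)
        if b is None:
            alerts.append((src, "new_host", f"day {day}: no baseline, {total} bytes out"))
            continue
        stdev = max(b["stdev"], min_stdev)
        z = (total - b["mean"]) / stdev
        if z > z_threshold:
            alerts.append((src, "volume_deviation", f"day {day}: {total} bytes out, z={z:.1f}"))
    seen = set()
    for day, src, dst, dport, _nbytes in flows:
        b = baseline.get(src)
        if b and dport not in b["ports"] and (src, dport) not in seen:
            seen.add((src, dport))
            alerts.append((src, "new_dest_port", f"day {day}: port {dport} to {dst}"))
    return alerts


if __name__ == "__main__":
    for host, rule, detail in detect(EVAL_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(f"{host}  {rule:<18} {detail}")
```

In practice the baseline window is rolled forward and recomputed on a schedule, the stdev floor and z-threshold are tuned per host group, and "new port" hits are enriched with asset context before they reach an analyst, since a newly deployed service produces the same signal as lateral movement.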
Incident Response and Forensics
- Lead incident response efforts for network-related security events
- Conduct in-depth forensic analysis of security incidents
- Develop and maintain incident response playbooks
- Coordinate with other security teams during major security events
Continuous Improvement and Optimization
- Regularly assess and optimize NDR tool configurations
- Stay updated on emerging threats and adjust detection capabilities accordingly
- Conduct periodic security assessments and penetration tests
- Identify and implement new NDR technologies and methodologies
Reporting and Communication
- Generate comprehensive reports on network security status and incidents
- Present findings and recommendations to both technical and non-technical stakeholders
- Develop and deliver training sessions on NDR tools and best practices
- Collaborate with cross-functional teams to align NDR strategies with business objectives
Compliance and Governance
- Ensure NDR practices align with relevant regulatory requirements (e.g., GDPR, HIPAA, PCI DSS)
- Develop and maintain documentation for audits and compliance checks
- Contribute to the development of security policies and procedures
Required Skills and Knowledge
Technical Expertise
- Deep understanding of network protocols (TCP/IP, DNS, HTTP, etc.) and the OSI model
- Proficiency in network security architectures and best practices
- Strong knowledge of common attack vectors and techniques (e.g., malware delivery, command-and-control, lateral movement, DDoS) and of advanced persistent threat (APT) tradecraft
- Expertise in one or more NDR platforms (ExtraHop, Darktrace, Vectra, etc.)
- Familiarity with SIEM and SOAR technologies
- Understanding of encryption technologies (TLS in particular) and PKI, including the visibility limits that encrypted traffic places on network-based detection
- Knowledge of cloud security principles and practices
Programming and Scripting
- Proficiency in at least one scripting language (Python, PowerShell, Bash)
- Experience with API integration and automation
- Ability to develop custom tools and scripts for security analysis
Analytical and Problem-Solving Skills
- Strong analytical thinking and problem-solving abilities
- Experience in interpreting complex data sets and identifying patterns
- Ability to think like an attacker to anticipate and mitigate threats
Soft Skills
- Excellent written and verbal communication skills
- Strong leadership and team collaboration abilities
- Ability to explain complex technical concepts to non-technical audiences
- Proactive and self-motivated with a passion for cybersecurity
Preferred Qualifications
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field
- 5+ years of experience in network security or related roles
- Relevant certifications such as:
  - ExtraHop Certified Professional
  - Certified Information Systems Security Professional (CISSP)
  - GIAC Security Expert (GSE)
  - Certified Ethical Hacker (CEH)
  - Cisco Certified Network Professional (CCNP) Security
- Experience with threat hunting and advanced persistent threat (APT) detection
- Familiarity with regulatory compliance standards (GDPR, HIPAA, PCI DSS, etc.)
Tools and Technologies
- NDR Platforms: ExtraHop Reveal(x), Darktrace, Vectra Cognito
- Network Analysis Tools: Wireshark, tcpdump, NetFlow/IPFIX analyzers
- SIEM Systems: Splunk, IBM QRadar, LogRhythm
- SOAR Platforms: Palo Alto Cortex XSOAR, Swimlane, Splunk SOAR (formerly Phantom)
- Firewalls and IPS/IDS systems
- Endpoint Detection and Response (EDR) solutions
- Cloud Platforms: AWS, Azure, Google Cloud
- Virtualization Technologies: VMware, Hyper-V
- Containerization and Orchestration: Docker, Kubernetes
Key Performance Indicators (KPIs)
- Reduction in mean time to detect (MTTD) and mean time to respond (MTTR)
- Precision of NDR alerting: the share of NDR alerts confirmed as true positives, not raw alert volume
- Reduction in false positive rates
- Improvement in overall network visibility and coverage
- Successful integration of NDR with other security tools and processes
- Timely resolution of critical security incidents
- Compliance with relevant regulatory standards