Endpoint Security Engineer with Security Clearance

Arlington, Virginia

Base One Technologies
Primary Responsibilities:

• Lead, manage, and understand the entire endpoint security lifecycle: obtain visibility, minimize surface area of attack, prevent and detect threats, investigate and respond, and remediate

• Deploy, configure, operate, monitor, tune, upgrade, and troubleshoot endpoint security tools

• Collaborate with, guide, and assist engineering in the deployment and centralization of approved endpoint security solutions across multiple FISMA systems

• Utilize approved tools to scan for, identify, contain, mitigate, and remediate vulnerabilities and intrusions

• Coordinate with engineering to develop and implement plans to apply patches, hot fixes, and other critical updates as needed

• Build queries, dashboards, and reports for enterprise and leadership awareness

• Work with technical support staff to troubleshoot endpoint tool issues and outages

• Develop and maintain policies and tasks for all related endpoint products

• Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools

• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards

• Research, evaluate, and recommend new security tools, techniques, and technologies, and introduce them to the enterprise in alignment with IT security strategy

Basic Qualifications

• BS degree in Science, Technology, Engineering, Math or related field and 4+ years of prior relevant experience with a focus on cybersecurity. Additional experience may be considered in lieu of a degree.

• Strong foundational security knowledge, specifically in large and complex organizations

• Prior experience deploying and managing advanced endpoint security solutions: Endpoint Protection (EPP) and Endpoint Detection and Response (EDR), e.g., McAfee MVISION, CrowdStrike, CarbonBlack, Microsoft Defender, Sophos, SentinelOne

• Prior experience implementing and maintaining CyberArk.

• Understanding of the current security threat landscape and attack techniques on endpoints.

• At least one of the following certifications:

  • SANS: GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON

  • Offensive Security: OSCP, OSCE, OSWP, OSEE

  • ISC2: CCFP, CISSP

  • EC-Council: CEH, CHFI, LPT, ECSA, ECIH

• A desire to learn, combined with a collaborative work style and strong personal work ethic

• Strong communication and presentation skills, both verbal and written

• Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program

Required Education/Experience

BS degree in Science, Technology, Engineering, Math or related field and 10-12 years of prior relevant experience with a focus on cybersecurity, OR a Master's degree with 8-10 years of prior relevant experience.

Required Certifications
CCIE Security
Cisco Certified Network Professional (CCNP)
CCNP Security
CCSP - Certified Cloud Security Professional
CEH - Certified Ethical Hacker
Certified Data Administrator Professional
Certified Implementation Engineer Specialist
Splunk Certified Architect
Certified Storage Associate
CISSP - Certified Information Systems Security
CompTIA Advanced Security Practitioner (CASP)
Converged Infrastructure Specialist
CSSLP - Certified Secure Software Lifecycle Professional
ECSP - EC-Council Certified Secure Programmer
GCIH - Incident Handler
GCWN - Windows Security Administrator
GICSP - Cyber Security Professional
GISF - Security Fundamentals
GISP - Security Professional
GSSP - Secure Software Programmer
MCSE - Microsoft Certified Solutions Expert (Server)
RHCA
RHCE
SEI (Software Engineering Institute)
SSCP - Systems Security Certified Practitioner
VCA (Certified Associate)
VCAP (Certified Advanced Professional)
VCDX (Certified Design Expert)
VCIX (Implementation Expert)
VCP (Certified Professional)

Preferred Qualifications

• Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter)

• Direct support of SOC analysts and/or experience working in a SOC is a plus

• Familiarity with frameworks such as MITRE ATT&CK is a plus.

• Knowledge and understanding of how to create and implement custom signatures to detect attack behaviors and patterns, e.g., Indicators of Attack (IOA) detection rules

• Experience with triaging and investigating hosts through EDR and EPP solutions
Date Posted: 14 May 2024