The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types and formats of data authorized to be collected by such member agencies.
The Senior Security Engineer will design, configure, optimize, deploy, and validate comprehensive cybersecurity solutions with a primary focus on Splunk SIEM/SOAR platforms, Cribl log processing, CrowdStrike Falcon Suite, and advanced security orchestration. This position will manage enterprise security infrastructure including Splunk Enterprise Security, Cribl Stream/Edge for data routing and transformation, CrowdStrike Falcon Suite, SOAR playbook development and automation, cloud security posture management across AWS, and identity and access management (IAM) solutions including privileged access management (PAM). The ideal candidate will serve as a Subject Matter Expert (SME) in Splunk administration, Cribl data pipeline management, CrowdStrike endpoint protection, and security orchestration platforms, with extensive experience in incident response procedures, threat hunting, security automation, cloud security architectures, zero-trust frameworks, and identity governance.
This highly technical role requires deep understanding of modern cybersecurity engineering principles, including security-as-code, infrastructure-as-code, and DevSecOps practices. The engineer should have proven experience conducting security assessments, implementing detection rules, developing incident response playbooks, managing CrowdStrike deployments and troubleshooting EDR conflicts, and performing regular audits of security controls and access management systems.
Key Tasks and Responsibilities
- Design, deploy, and maintain NDR solutions including Corelight Zeek sensors and ExtraHop network analytics platforms to provide comprehensive network visibility and threat detection.
- Configure advanced behavioral analytics, establish baseline network patterns, tune detection algorithms to minimize false positives, and integrate NDR telemetry with SIEM platforms for centralized monitoring and automated incident response workflows.
- Architect and optimize enterprise-wide logging infrastructure to collect, normalize, and analyze security telemetry from diverse sources including endpoints, network devices, cloud services, and applications.
- Implement log retention policies, establish data parsing and enrichment pipelines using tools like Cribl, ensure compliance with regulatory requirements, and develop custom dashboards and alerting mechanisms for proactive threat hunting and security monitoring.
- Configure, tune, and maintain network and host-based IDS/IPS solutions to detect and block malicious activities in real-time.
- Develop and update custom signature rules, analyze attack patterns, coordinate threat intelligence integration, perform regular system performance optimization, and collaborate with network teams to implement inline blocking capabilities while minimizing impact to business operations.
- Lead the design and implementation of Zero Trust security frameworks including micro-segmentation, identity verification, device trust assessment, and continuous authorization mechanisms.
- Develop policies for least-privilege access controls, implement network segmentation strategies, integrate identity and access management solutions with network security controls, and establish continuous monitoring and validation processes to ensure all network communications are authenticated, authorized, and encrypted.
- Platform Administration: Architect, engineer and administer the CrowdStrike Falcon platform, including NextGen SIEM, identity, cloud, and Falcon.
- Endpoint Security Management: Deploy and manage endpoint security agents across the organization’s devices. Monitor and analyze endpoint security data to identify potential threats and vulnerabilities.
- Incident Response: Respond to security incidents detected by the CrowdStrike Falcon platform. Investigate security alerts, analyze root causes, and take appropriate remediation actions.
- Policy Management: Develop and enforce security policies within the CrowdStrike Falcon platform. Configure and customize security policies based on organizational requirements and best practices.
- Threat Intelligence Integration: Integrate threat intelligence feeds into the CrowdStrike Falcon platform. Stay updated on the latest cyber threats and trends to enhance threat detection and response capabilities.
- Troubleshooting and Support: Provide technical support and troubleshooting assistance to end-users regarding the CrowdStrike Falcon platform. Collaborate with CrowdStrike support teams to resolve issues and optimize platform performance.
- Documentation and Reporting: Maintain detailed documentation of platform configurations, policies, and incident response procedures. Generate regular reports on security metrics, incidents, and compliance status for stakeholders.
- Continuous Improvement: Identify opportunities for process improvement and optimization within the CrowdStrike Falcon platform. Stay informed about emerging technologies and industry trends to enhance security capabilities.
- Compliance and Audit: Ensure that the CrowdStrike Falcon platform aligns with relevant regulatory requirements and industry standards. Participate in security audits and assessments to validate compliance with security policies and controls.
- Continuously improve security posture by recommending and implementing best practices for Qualys usage.
- Working knowledge of Amazon Web Services (AWS) EC2 and Workspaces, VMWare virtual infrastructure, and network/security appliances.
- Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
- Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
- Provide relevant, strategic recommendations to help improve the security posture of the organization during and after an incident.
- Analyze emerging threats to improve and maintain the detection and response capabilities of the organization.
- Integrate threat intelligence feeds with security policy enforcement points.
- Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threats.
- Document specifications, playbooks, and detections - not as an afterthought, but through the whole process.
- Work with developers to build security automation workflows, enrichments, and mitigations.
- Evaluate policies and procedures and recommend updates to management as appropriate.
Job Requirements:
Education & Experience
- Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering, or a related field.
- Deep hands-on experience with CrowdStrike and Trellix HX EDR deployments.
- 3+ years of experience with EDR deployment, configuration, maintenance, and supporting enterprise EDR solutions, including CrowdStrike Falcon, Carbon Black EDR, SentinelOne, FireEye HX, McAfee MVision, Microsoft Defender for Endpoint (MDE), Tanium, or Elastic Endpoint Protection deployments.
- 3+ years of experience performing CrowdStrike EDR systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users.
- 2+ years of experience working in a Security Operations Center (SOC) environment, leveraging EDR tools to support incident response, vulnerability scanning, threat hunting, network monitoring and log management, and compliance management activities.
- Experience with optimization of EDR solutions, including refinement of the data produced, development of automated workflows or playbooks, and integration of EDR data with enterprise solutions (SIEM, ITSM, TIP).
- Ability to provide content on deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials.
- Experience with ServiceNow SecOps and Vulnerability Management is a plus.
- Strong experience fine-tuning controls to meet standards using custom controls and regex.
- Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.).
- Programming and scripting languages, preferably Python and PowerShell.
- Strong written and verbal communication skills; must be able to effectively communicate with all levels of staff up to executive-level management, customers (internal and external), and vendors.
- Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or in a related high-pressure environment preferred but not required.
- Familiarity with and experience working within security frameworks such as NIST SP 800-61, the attack lifecycle, SANS Security Controls, MITRE ATT&CK, the Kill Chain, and the OWASP Top 10.
Certifications
- Certified Information Systems Security Professional (CISSP) preferred.
- Other certifications in CrowdStrike or related certifications (e.g., SentinelOne, Trellix HX, Microsoft Defender) are a plus.
- Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA, GIAC, Splunk Core, OSCP, SANS Security 500 Series, or other industry-standard equivalent.
Security Clearance
- Public Trust
- US Citizen or Lawful Permanent Resident
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
- This is a remote/work-from-home role.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, protected veteran status, genetic information, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Human Resources at [email protected].