Senior Endpoint Detection & Response (EDR) Engineer at Focused Management Inc
Washington, DC 20005, USA
Full Time


Start Date

Immediate

Expiry Date

15 Jun, 25

Salary

0.0

Posted On

16 Mar, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Siem, Log Management, Optimization, System Performance, Computer Science, Maintenance, Training, Availability, Incident Response, Deliverables, Tip, Vulnerability Management, Computer Engineering, Information Systems, Powershell, Scripting Languages, Custom Controls

Industry

Information Technology/IT

Description

  • EDR/IDS/IPS
  • NDR/Network
  • Integration of threat intelligence feeds with security policy enforcement points
  • SIEM and XDR detections

Education

  • Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering, or a related field
  • Deep hands-on experience with CrowdStrike and Trellix HX EDR deployments
  • 3+ years of experience with EDR deployment, configuration, maintenance, and supporting enterprise EDR solutions, including CrowdStrike Falcon, Carbon Black EDR, SentinelOne, FireEye HX, McAfee MVision, Microsoft Defender for Endpoint (MDE), Tanium, or Elastic Endpoint Protection deployments.
  • 3+ years of experience performing CrowdStrike EDR systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users.
  • 2+ years of experience working in a Security Operations Center (SOC) environment, leveraging EDR tools to support incident response, vulnerability scanning, threat hunting, network monitoring and log management, and compliance management activities.
  • Experience with optimization of EDR solutions, including refinement of the data produced, development of automated workflows or playbooks, and integration of EDR data with enterprise solutions (SIEM, ITSM, TIP)
  • Ability to provide content on deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials.
  • Experience with ServiceNow SecOps and Vulnerability Management is a plus
  • Strong experience fine-tuning controls to meet standards utilizing custom controls and regex
  • Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.)
  • Programming and scripting languages, preferably Python and PowerShell.

Job Type: Full-time
Pay: $120,000.00 - $130,000.00 per year

Benefits:

  • 401(k)
  • Dental insurance
  • Health insurance

Schedule:

  • 8 hour shift

Experience:

  • CrowdStrike Falcon platform: 3 years (Required)
  • EDR deployment: 3 years (Required)
  • Security Operations Ctr (SOC): 2 years (Required)

Work Location: Hybrid remote in Washington, DC 2000

Responsibilities

  • Platform Administration: Manage and administer the CrowdStrike Falcon platform, including user access, permissions, and configurations. Ensure the platform is properly configured to meet security and compliance requirements.
  • Endpoint Security Management: Deploy and manage endpoint security agents across the organization’s devices. Monitor and analyze endpoint security data to identify potential threats and vulnerabilities.
  • Incident Response: Respond to security incidents detected by the CrowdStrike Falcon platform. Investigate security alerts, analyze root causes, and take appropriate remediation actions.
  • Policy Management: Develop and enforce security policies within the CrowdStrike Falcon platform. Configure and customize security policies based on organizational requirements and best practices.
  • Threat Intelligence Integration: Integrate threat intelligence feeds into the CrowdStrike Falcon platform. Stay updated on the latest cyber threats and trends to enhance threat detection and response capabilities.
  • Troubleshooting and Support: Provide technical support and troubleshooting assistance to end-users regarding the CrowdStrike Falcon platform. Collaborate with CrowdStrike support teams to resolve issues and optimize platform performance.
  • OFR timelines and deadlines for deliverables and associated subtask completion dates.
  • Documentation and Reporting: Maintain detailed documentation of platform configurations, policies, and incident response procedures. Generate regular reports on security metrics, incidents, and compliance status for stakeholders.
  • Continuous Improvement: Identify opportunities for process improvement and optimization within the CrowdStrike Falcon platform. Stay informed about emerging technologies and industry trends to enhance security capabilities.
  • Compliance and Audit: Ensure that the CrowdStrike Falcon platform aligns with relevant regulatory requirements and industry standards. Participate in security audits and assessments to validate compliance with security policies and controls.
  • Continuously improve security posture by recommending and implementing best practices for Qualys usage.
  • Working knowledge of Amazon Web Services (AWS) EC2 and Workspaces, VMware virtual infrastructure, and network/security appliances.
  • Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
  • Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
  • Provide relevant, strategic recommendations to help improve the security posture of the organization during and after an incident.
  • Analyze emerging threats to improve and maintain the detection and response capabilities of the organization.