About the Role
· Lead, manage, and understand the entire endpoint security lifecycle: obtain visibility, minimize surface area of attack, prevent and detect threats, investigate and respond, and remediate
· Deploying, configuring, operating, monitoring, tuning, upgrading, and troubleshooting endpoint security tools
· Collaborate, guide, and assist engineering with the deployment and centralization of an approved endpoint security solutions across multiple FISMA systems
· Utilize approved tools to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions
· Coordinating with engineering to develop and implement plans to apply patches, hot fixes, and other critical updates as needed
· Build queries, dashboards, and reports for enterprise and leadership awareness
· Work with technical support staff to troubleshoot endpoint tool issues and outages
· Develop and maintain policies and tasks for all related endpoint products
· Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools
· Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards
· Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy
Requirements
· Strong foundational security knowledge, specifically in large and complex organizations
· Prior experience deploying and managing advanced endpoint security solutions: Endpoint Protection (EPP) and Detection Response (EDR). I.E. (McAfee MVISION, CrowdStrike, CarbonBlack, Microsoft Defender, Sophos, SentinelOne)
· Prior experience implementing and maintaining CyberArk.
· Understanding of the current security threat landscape and attack techniques on endpoints.
· At least one of the following certifications:
· SANS GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON
· Offensive Security: OSCP, OSCE, OSWP, OSEE
· ISC2: CCFP, CISSP
· EC Council: CEH, CHFI, LPT, ECSA, ECIH
· A desire to learn, combined with a collaborative work style and strong personal work ethic
· Strong communication and presentation skills, both verbal and written
· Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program
Must Have One Of The Following Required Certifications
CCIE Security
Cisco Certified Network Professional (CCNP)
CCNP Security
CCSP – Certified Cloud Security Professional
CEH – Certified Ethical Hacker
Certified Data Administrator Professional
Certified Implementation Engineer Specialist
Splunk Certified Architect
Certified Storage Associate
CISSP – Certified Information Systems Security
CompTIA Advanced Security Practitioner (CASP)
Converged Infrastructure Specialist
CSSLP – Certified Secure Software Lifecycle Professional
ECSP – EC-Council Certified Secure Programmer
GCIH – Incident Handler
GCWN – Windows Security Administrator
GICSP –Cyber Security Professional
GISF – Security Fundamentals
GISP – Security Professional
GSSP – Secure Software Programmer
GSSP – Secure Software Programmer
MCSE – Microsoft Certified Solutions Expert (Server)
RHCA
RHCE
SEI (Software Engineering Institute)
SSCP – Systems Security Certified Practitioner
VCA (Certified Associate)
VCAP (Certified Advanced Professional)
VCDX (Certified Design Expert)
VCIX (Implementation Expert)
VCP (Certified Professional)
Preferred Qualifications
· Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter
· Direct support of SOC analyst and/or experience working in a SOC a plus
· Familiarity of frameworks like MITRE ATT&CK a plus.
· Knowledge and understanding on how to create and implement custom signatures to detect attack behaviors and patterns. I.E. Indicators of Attack (IOAs) detection rules
· Experience with triaging and investigating hosts through EDR and EPP solutions
Education
BS degree in Science, Technology, Engineering, Math or related field and 10-12 years of prior relevant experience with a focus on cybersecurity OR Masters with 8-10 years of prior relevant experience.