Tier 3 Security Engineer (Endpoint - EDR)

02 Aug 2024
District of Columbia, Washington, 56901 Washington USA

Vacancy expired!



Job Number: 235818




The Tier 3 Security Engineer - Endpoint Detect and Respond (EDR) Specialist is expected to have experience in configuring, tuning, and managing various EDR security tools, preferably within a Managed Security Services Provider (MSSP) environment. Expertise with the products offered by one or more of the following vendors is required:


  • SentinelOne (preferred),

  • CrowdStrike,

  • McAfee.


Experience with firewall and IDS tuning, configuration, and management is a plus.

The Tier 3 Security Engineer - EDR Specialist supports Security Operations in the management and tuning of various EDR solutions to provide optimal service levels to multiple customers and customer environments. This may include managing and optimizing custom configurations for individual customers. This individual will be required to use an ITSM ticketing system to track and record work performed in tuning EDR solutions, providing accounts, and creating and managing change processes for applying patches and performing upgrades to various EDR platforms.

Tier 3 Security Engineers are responsible for:


  • Determining service impact of security tools.

  • Alerting the SOC (Security Operations Center) of possible impacts due to misconfigurations and/or updates.

  • Working tickets via ticketing system.

  • Creating tickets for various needs of Security Engineering.

  • Research and data collection of events of interest to tune security tools.

  • Engaging support of Tier 3 Analysts, Network Operations Center (NOC), Network Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.

  • Developing and deploying Indicators of Compromise (IOCs) and associated rules.

  • Creating documentation for security tools.


Responsibilities

  • Document and escalate requests for tuning, upgrades, account creations, and patching of security tools.

  • Receive and analyze requests for tuning.

  • Provide timely responses to requests for tuning and change management.

  • Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).

  • Assist in the construction of signatures which can be implemented on security tools in response to new or observed threats within the network environment or enclave.

  • Provide guidance and mentorship to Tier 2 Security Engineering personnel.

  • Contribute to the creation of process documentation and training materials.

  • Be able to work a rotating on-call schedule as required.

  • Be able to work nights and weekends, as required, for maintenance and incident response.


Qualifying Experience and Attributes

  • Three (3) to five (5) years of Security Engineering, security tool administration and/or content creation.

  • CompTIA Security+ certification (or equivalent/higher).

  • Experience with EDR solutions from one or more of the following vendors: SentinelOne (preferred), CrowdStrike, or McAfee.

  • Experience with other security technologies, such as McAfee NSM, TippingPoint, FireEye, InfoCyte, and the Fortigate suite, is a plus.

  • Able to use the internet to do research on events of interest.

  • Working knowledge of cybersecurity and privacy principles.

  • Working knowledge of cyber threats and vulnerabilities.

  • Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.

  • Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.

  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).

  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).

  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

  • Knowledge of TCP/IP - addressing, routing protocols, and transport protocols (UDP and TCP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.

  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

  • Knowledge of escalation, incident management and change management processes and procedures of the Security Operations.

  • Possess good communication and interpersonal skills.

  • Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).

  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

  • Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

  • Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

  • Knowledge of various types of Cloud Architecture, Cloud data flows, and Cloud security frameworks.

  • Vendor certifications preferred.

  • Must be able to pass background check(s).


THIRD PARTY AGENCIES, SUBCONTRACTORS, AND RECRUITERS NEED NOT APPLY. Applicants received from firms will not be considered. Subcontracting is not available for this position.
