Senior Endpoint Detection and Response (EDR) Engineer at Computer World Services (CWS) Corporation in Atlanta, Georgia

Posted in Other about 3 hours ago.

Job Description

The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types and formats of data authorized to be collected by such member agencies.

The Senior Endpoint Detection and Response (EDR) Engineer will help design, configure, optimize, deploy, and validate CrowdStrike Falcon and Trellix HX agents. This position will manage the CrowdStrike Falcon Suite (Next-Gen Antivirus (NGAV), EDR, XDR, SIEM) and Trellix HX, and will handle firewall management and exceptions, device management, and vulnerability management and mitigation. The ideal candidate will be a Subject Matter Expert (SME) in CrowdStrike and Trellix, have extensive device management experience troubleshooting EDR conflicts and performance issues, possess excellent communication skills, and collaborate effectively with cross-functional teams across an IT organization. The engineer should have experience conducting regular audits to ensure that security controls such as EDR are functioning as expected.

This is a highly technical role that requires a solid understanding of EDR systems, capabilities, and best practices. As part of a growing team, this role will have the ability to leverage and work with new capabilities as they are deployed, including deception infrastructure, continuous penetration testing, data loss prevention (DLP), and machine learning capabilities. This role is expected to contribute to maturing the overall IR and security capability through experience and recommendations at every level of security.

Key Tasks and Responsibilities

* Platform Administration: Manage and administer the CrowdStrike Falcon platform, including user access, permissions, and configurations. Ensure the platform is properly configured to meet security and compliance requirements.

* Endpoint Security Management: Deploy and manage endpoint security agents across the organization's devices. Monitor and analyze endpoint security data to identify potential threats and vulnerabilities.

* Incident Response: Respond to security incidents detected by the CrowdStrike Falcon platform. Investigate security alerts, analyze root causes, and take appropriate remediation actions.

* Policy Management: Develop and enforce security policies within the CrowdStrike Falcon platform. Configure and customize security policies based on organizational requirements and best practices.

* Threat Intelligence Integration: Integrate threat intelligence feeds into the CrowdStrike Falcon platform. Stay updated on the latest cyber threats and trends to enhance threat detection and response capabilities.

* Troubleshooting and Support: Provide technical support and troubleshooting assistance to end-users regarding the CrowdStrike Falcon platform. Collaborate with CrowdStrike support teams to resolve issues and optimize platform performance.

* Documentation and Reporting: Maintain detailed documentation of platform configurations, policies, and incident response procedures. Generate regular reports on security metrics, incidents, and compliance status for stakeholders.

* Continuous Improvement: Identify opportunities for process improvement and optimization within the CrowdStrike Falcon platform. Stay informed about emerging technologies and industry trends to enhance security capabilities.

* Compliance and Audit: Ensure that the CrowdStrike Falcon platform aligns with relevant regulatory requirements and industry standards. Participate in security audits and assessments to validate compliance with security policies and controls.

* Continuously improve security posture by recommending and implementing best practices for Qualys usage.

* Working knowledge of Amazon Web Services (AWS) EC2 and Workspaces, VMWare virtual infrastructure, and network/security appliances.

* Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.

* Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.

* Provide relevant, strategic recommendations to help improve the security posture of the organization during and after an incident.

* Analyze emerging threats to improve and maintain the detection and response capabilities of the organization across:

o EDR/IDS/IPS

o NDR/Network

o Integration of threat intelligence feeds with security policy enforcement points

o SIEM and XDR detections

* Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threats

* Document specifications, playbooks, and detections - not as an afterthought, but through the whole process

* Work with developers to build security automation workflows, enrichments, and mitigations.

* Evaluate policies and procedures and recommend updates to management as appropriate



Education & Experience

* Bachelor's degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering, or a related field

* Deep hands-on experience with CrowdStrike and Trellix HX EDR deployments

* 3+ years of experience with EDR deployment, configuration, maintenance, and supporting enterprise EDR solutions, including CrowdStrike Falcon, Carbon Black EDR, SentinelOne, FireEye HX, McAfee MVision, Microsoft Defender for Endpoint (MDE), Tanium, or Elastic Endpoint Protection deployments.

* 3+ years of experience performing CrowdStrike EDR systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users.

* 2+ years of experience working in a Security Operations Center (SOC) environment, leveraging EDR tools to support incident response, vulnerability scanning, threat hunting, network monitoring and log management, and compliance management activities.

* Experience with optimization of EDR solutions, including refinement of the data produced, development of automated workflows or playbooks, and integration of EDR data with enterprise solutions (SIEM, ITSM, TIP)

* Ability to provide content on deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials.

* Experience with ServiceNow SecOps and Vulnerability Management a plus

* Strong experience fine-tuning controls to meet standards utilizing custom controls and regex

* Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.)

* Programming and scripting languages, preferably Python and PowerShell.

* Strong written and verbal communication skills; must be able to effectively communicate with all levels of staff up to executive-level management, customers (internal and external), and vendors.

* Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required

* Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10

Certifications

* CrowdStrike Certified Falcon Administrator certification preferred

* Other certifications in CrowdStrike or related certifications (e.g., SentinelOne, Trellix HX, Microsoft Defender) are a plus

* Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA, GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent

Security Clearance

* Public Trust

* Must be US Citizen

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

* This is a remote/work from home role

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at 314.952.5138 or amcclellan@cwsc.com.