Principal Cyber Defense Engineer - Remote

The Principal Cyber Defense Engineer will be a senior technical individual contributor position within CIS's Operations & Security Services (OSS) Department. The Principal Cyber Defense Engineer will provide overall strategic and tactical direction, operational enhancements, and expert troubleshooting for a suite of cyber defensive capabilities deployed by OSS to thousands of State, Local, Tribal, and Territorial (SLTT) organizations through the Multi-State Information Sharing & Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC).

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Develop strategic roadmaps for cyber defensive technologies in alignment with OSS' strategy and direction from the MS-ISAC and EI-ISAC executive committees used within OSS by evaluating current technologies and new technologies through relationships with vendors, other non-profit organizations, and government entities
• Make recommendations to OSS executive leadership on product capabilities, direction, investments, and divestments of technologies, products, and services
• Serve as the most senior technical expert on deployed products including the Albert Intrusion Detection System (IDS), CrowdStrike endpoint protection, and Akamai's DNS security solution
• Create custom signatures for emerging threats that can be rapidly deployed to SLTT networks and other service providers. This includes writing rules for Suricata and using regular expressions and other languages for custom rules in other tools
• Provide technical leadership within the Splunk alert detection and log ingestion processes. Including but not limited to writing queries in Splunk Search Processing Language (SPL) to enhance detection and analysis capabilities
• Oversee the change control process for cyber defensive products to ensure changes are tested, rollback plans created, and signatures have a low change of blocking legitimate traffic or otherwise causing negative performance impacts on customers
• Assist internal support teams with troubleshooting highly technical issues that cannot be resolved by lower tiered support staff
• Provide briefings and trainings to SLTT members, MS-ISAC and EI-ISAC executive committees, and internal stakeholders on cyber defensive technologies. This position will closely align with the sales, marketing, and communications teams to assist with pre- and post-sales support and providing input to develop materials for members
• Other tasks and responsibilities as assigned

• Bachelor's degree in information technology, cybersecurity or a related field*
• 8+ years' experience in deploying and managing cyber defensive technologies including solutions for networks, servers, workstations, mobile devices, and other endpoints
• Significant experience with development of custom rules and signatures for Suricata, including testing for accuracy, modifying existing rules, and deploying rules to sensors
• Familiarity with Splunk best practices, architecture, and deployment processes
• Experience managing CrowdStrike endpoint protection products
• Expert level knowledge of cyber defense strategies, Domain Name System (DNS) security, the MITRE ATT&CK framework, CIS Critical Security Controls, and how to implement technical and administrative controls to mitigate threats and vulnerabilities
• Excellent client-facing and internal communication skills
• Solid organizational skills including attention to detail and multi-tasking skills
• Candidate must be eligible to obtain National Security Clearance
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

It's A Plus If You Have:

• Advanced degree in Computer Science, Business or related field
• Strong presentation capabilities
• Specific experience with emerging technologies in the cybersecurity domain
• Experience in incident response, digital forensics, and security operations

*Additional years of relevant experience or a combination of an Associate's degree or equivalent and relevant experience may be substituted for the Bachelor's degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction)
• False Statements
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.