Metronome LLC has an immediate need for an experienced Endpoint Security Engineer for a new customer on a highly visible and strategic Cybersecurity Task Order. The Endpoint Security Engineer will be responsible for implementing and operationalizing host-based defensive capabilities using endpoint protection (EPP) and endpoint detection and response (EDR) products, as well as other endpoint security tools and controls. The ideal candidate is a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer.

Primary Responsibilities:
- Lead, manage, and understand the entire endpoint security lifecycle: obtain visibility, minimize surface area of attack, prevent and detect threats, investigate and respond, and remediate
- Deploy, configure, operate, monitor, tune, upgrade, and troubleshoot endpoint security tools
- Collaborate with, guide, and assist engineering in the deployment and centralization of approved endpoint security solutions across multiple FISMA systems
- Utilize approved tools to scan for, identify, contain, mitigate, and remediate vulnerabilities and intrusions
- Coordinate with engineering to develop and implement plans to apply patches, hot fixes, and other critical updates as needed
- Build queries, dashboards, and reports for enterprise and leadership awareness
- Work with technical support staff to troubleshoot endpoint tool issues and outages
- Develop and maintain policies and tasks for all related endpoint products
- Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools
- Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards
- Research, evaluate, and recommend new security tools, techniques, and technologies, and introduce them to the enterprise in alignment with the IT security strategy
- BS degree in Science, Technology, Engineering, Math or related field and 8+ years of prior relevant experience with a focus on cybersecurity. Additional experience may be considered in lieu of a degree.
- Strong foundational security knowledge, specifically in large and complex organizations
- Prior experience deploying and managing advanced endpoint security solutions, both Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) (e.g., McAfee MVISION, CrowdStrike, CarbonBlack, Microsoft Defender, Sophos, SentinelOne)
- Prior experience implementing and maintaining CyberArk.
- Understanding of the current security threat landscape and attack techniques on endpoints.
- At least one of the following certifications:
  - SANS: GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON
  - Offensive Security: OSCP, OSCE, OSWP, OSEE
  - ISC2: CCFP, CISSP
  - EC-Council: CEH, CHFI, LPT, ECSA, ECIH
- A desire to learn, combined with a collaborative work style and strong personal work ethic
- Strong communication and presentation skills, both verbal and written.
- Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program
- Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter)
- Direct support of SOC analysts and/or experience working in a SOC is a plus
- Familiarity with frameworks such as MITRE ATT&CK is a plus
- Knowledge and understanding of how to create and implement custom signatures to detect attack behaviors and patterns (e.g., Indicators of Attack (IOA) detection rules)
- Experience triaging and investigating hosts through EDR and EPP solutions