Senior Endpoint Security Analyst

Primary Responsibilities:

• Deploying, configuring, operating, monitoring, tuning, upgrading, and troubleshooting endpoint security tools
• Coordinating and assisting engineering with the deployment and centralization of an approved malware protection tool across multiple FISMA systems
• Utilize approved tools to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions
• Coordinating with engineering to develop and implement plans to apply patches, hot fixes, and other critical updates as needed
• Build queries, dashboards, and reports for enterprise and leadership awareness
• Troubleshoot endpoint tool issues and outages
• Develop and maintain policies and tasks for all related endpoint products
• Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools
• Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards
• Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy
• Define, establish, and manage security risk metrics and track effectiveness.
• Provide leadership, coaching, and mentorship to infrastructure team members

Basic Qualifications

• BS degree in Science, Technology, Engineering, Math or related field and 8+ years of prior relevant experience with a focus on cybersecurity or Masters with 6+ years of prior relevant experience. Additional experience in lieu of degree may be acceptable.

• Prior Experience deploying Endpoint Security Solutions (ESS) including Mcafee ePO, Crowdstrike
• Strong foundational security knowledge, specifically in large and complex organizations
• Understanding of current security threats and other challenges, as well as frameworks like MITRE ATT&CK
• At least one of the following certifications:
  • SANS GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON
  • Offensive Security: OSCP, OSCE, OSWP, OSEE
  • ISC2: CCFP, CISSP
  • EC Council: CEH, CHFI, LPT, ECSA, ECIH
• A desire to learn, combined with a collaborative work style and strong personal work ethic
• Strong communication and presentation skills, both verbal and written
• Must have a DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent) to start. CSSP certification is required within 90 days of start.
• Must have an active Secret Clearance and be able to obtain and maintain a TS/SCI security clearance.

Preferred Qualifications

• Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter
• Experience deploying, configuring, and maintaining McAfee point products such as VirusScan Enterprise, Rogue System Detection (RSD), Policy Auditor (PA), Data Loss Prevention (DLP) / Device Control Module (DCM)
• Experience deploying and configuring Crowdstrike Falcon Prevent sensors on endpoints
• Experience with creating and implementing custom IOCs and IOAs in Crowdstrike
• Experience with triaging and investigating hosts using Crowdstrike