- Analyze and monitor endpoint platforms for security risks to detect and act as escalation point for advanced threats/issues.
- Perform security event triage and initial incident response to detected threats.
- Assist other groups by providing endpoint log and troubleshooting information to resolve production issues.
- Regularly plan and update/create endpoint policies or controls as needed to enhance security.
- Identify potential gaps and offer solutions to include internal team needs, product improvements and client security postures.
- Communicate and enforce Information Security policies.
- Coordinate with other team members and management to investigate, document and report incidents.
- Regularly create and maintain high-quality documentation for knowledge bases, changes, and procedures.
- Collaborate with our Threat Analysis Unit to provide in-depth reports of confirmed security incidents and produce technical threat advisory broadcasts about new and emerging threats.
- Assist/lead new endpoint product implementation to clients.
- Expertise in Application Control (WDAC, Carbon Black Application Control)
- Experience with endpoint security tools, Next-Gen Anti-Virus (NGAV), and Endpoint Detection and Response (EDR).
- Experience with APIs as they relate to security tools.
- Proficiency with three or more of the following:
  - Threat Hunting.
  - SIEM and Log Management experience (Splunk, IBM QRadar, HP ArcSight, LogRhythm, Stellar Cyber, etc.).
  - Analysis and Forensic Tools (FTK, EnCase, ProcMon, Wireshark, etc.).
  - Malware sandboxing experience.
  - Penetration Testing Tools (Metasploit, Kali, Atomic Red Canary, etc.).
  - IOC Management.
- BS/BA degree in Computer Science, Information Systems, related discipline, or equivalent experience.
- 3-5 years of professional work experience in the cybersecurity industry.
- The ideal candidate will have macOS and Windows operating system experience, as well as scripting skills. Linux/Unix skills are a plus.
- Strong analytical skills to define risk, identify potential threats, and develop and document action/mitigation plans.
- Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats.
- Ability to work efficiently and self-motivate with little to no supervision.
- Certification/training a plus: CISSP, SANS GIAC Certifications (GCIH, GPEN, GSEC, etc.), CompTIA (Security+, CySA+, etc.), Carbon Black/VMware, CrowdStrike, SentinelOne, etc.
- Strong written and verbal communication skills, with the ability to present technical risks and issues to technical and non-technical audiences both internal and external to the organization.
- Regulatory experience is a plus (GDPR, ISO27K, SSAE16, HIPAA, PCI, FISMA, etc.).
- All candidates will be required to take an extensive background screen, credit screen, and drug screen prior to employment.