Careers

Endpoint Engineer

RESPONSIBILITIES

  • Analyze and monitor endpoint platforms for security risks to detect and act as escalation point for advanced threats/issues.
  • Perform security event triage and initial incident response to detected threats.
  • Assist other groups by providing endpoint log and troubleshooting information to resolve production issues.
  • Regularly plan and update/create endpoint policies or controls as needed to enhance security.
  • Identify potential gaps and offer solutions to include internal team needs, product improvements and client security postures.
  • Communicate and enforce Information Security policies.
  • Coordinates with other team members and management to investigate, document and report incidents.
  • Regularly create and maintain high quality documentation for knowledgebases, changes, and procedures.
  • Collaborate with our Threat Analysis Unit to provide in depth reports of confirmed security incidents and produce technical threat advisory broadcasts about new and emerging threats.
  • Assist/lead new endpoint product implementation to clients.

REQUIREMENTS

  • Expertise in Application Control (WDAC, Carbon Black Application Control)
  • Experience with endpoint security tools, Nextgen Anti-Virus (NGAV), and Endpoint Detection and Response (EDR)
  • Experience with APIs as they relate to security tools.
  • Proficiency with three or more of the below:
    • Threat Hunting.
    • SIEM and Log Management experience (Splunk, IBM QRadar, HP ArcSight, LogRhythm, Stellar Cyber, etc.).
    • Analysis and Forensic Tools (FTK, EnCase, ProcMon, WireShark, etc.).
    • Malware sandboxing experience.
    • Penetration Testing Tools (Metasploit, Kali, Atomic Red Canary, etc.).
    • IOC Management.

PREFERRED EXPERIENCE

  • BS/BA degree in Computer Science, Information Systems, related discipline, or equivalent experience.
  • 3-5 years of professional work experience in the cybersecurity industry.
  • The ideal candidate will have macOS and Windows operating system experience, as well as scripting skills. Linux/Unix skills are a plus.
  • Strong analytical skills to define risk, identify potential threats, and develop and document action/mitigation plan.
  • Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats.
  • Ability to work efficiently and self-motivate with little to no supervision.
  • Certification/training a plus: CISSP, SAN GIAC Certifications (GCIH, GPEN, GSEC, etc.), CompTIA (Security+, CYSA+, etc.), Carbon Black/VMware, Crowdstrike, SentinelOne, etc.
  • Strong written and verbal communications skills with an ability to present technical risks and issues to technical and non-technical audiences internal and external to the organization.
  • Regulatory experience is a plus (GDPR, ISO27K, SSAE16, HIPAA, PCI, FISMA, etc.).

ADDITIONAL

  • All candidates will be required to take an extensive background screen, credit screen, and drug screen prior to employment.

Apply for This Position

About 5iron

5iron Active Cyber Defense solutions provide comprehensive detection and response, 24x7x365. We actively respond to events as they occur, requiring less bandwidth from our clients and taking the action needed to eliminate the threat before it causes disruption to client business or data. This approach enabled 5iron to be named to the 2022 Inc. 5000 list of fastest-growing private companies in the US.

5iron redefines industry expectations by taking an active role in the protection of our clients. Delivering 24x7x365 “eyes on” cybersecurity defense solutions, effectively minimizes cyber risk inside these organizations. Our active cyber defense solutions leverage years of information security experience to protect critical network infrastructure from the growing number of cyber threats.

5iron’s Security Operations Center (SOC) is located in Franklin, Tennessee and all security operations are run from this facility. 5iron does not use a Virtual SOC in which Security Analysts work from home or another remote location which can slow response times and affect client security. Our goal is more than notification—Our goal is response and resolution.