Security Engineer (Tier 3 End Point) (Microsoft Defender ATP)

Company: Swoon Group
Location: Austin
Posted on: August 1, 2020

Job Description:

Swoon's leading client in Austin, TX is seeking Tier 3 End Point Microsoft Defender ATP Security Engineer for a 12 month contract Are you ready to be Swoon'd? All candidates must be a . The preferred candidate will have a total of 10 years' experience in the Information Technology Information Security industry, with minimum of 5 years of experience as a Security Engineer configuring and maintaining Endpoint security technologies. Candidate should have strong communications skills, both written and verbal, be comfortable presenting information to teammates, customer technical personnel and Leads and Managers. This is an engineer role and the candidate must be able to demonstrate ability to install, manage and maintain endpoint security technologies in a cloud environment. Demonstrated experience in supporting endpoint security technologies as an engineer is REQUIRED. Holding vendor certifications for one or more of the following is preferred for this position McAfee Endpoint Security, Tanium Protect, or CrowdStrike, Cisco AMP. This position is based in AUSTIN, TX, and will support the customer's 24x7 Security Operations Center (SOC). This position is in direct support (on-site at customer facilities) of a customer in the government sector. We are providing Managed Security Service Provider (MSSP) functions related to the Security Operations Center (SOC) including Tier 1 through Tier 3 resource capabilities and activities related to security monitoring, threat, and vulnerability management and incident response (IR). Selected candidates must be s, pass a CJIS background check process, and complete basic safety and security training to meet the customer requirements. Responsibilities Provision security tools for customer. Develop and maintain configuration for one or more suite(s) of endpoint protection technologies. Help determine tactics, techniques, and procedures (TTPs) for security tools. Recommend computing environment vulnerability corrections. Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave. Perform patch management for customer's endpoint security tools. Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. Ability to work with provided security policies to design and implement network and security rules and configurations across various security platforms. Ability to work in multiple End Point Management systems to provide a complete Enterprise Solution. Qualifying Experience and Attributes 10 Years experience in IT Ability to configure and troubleshoot endpoint technologies such as antivirus, antimalware, host based intrusion prevention, virtual patching, and endpoint encryption. Expert level knowledge of Microsoft Defender ATP, Microsoft Threat Experts, AutoIR, EDR. Holding vendor certifications for one or more of the following is preferred for this position McAfee Endpoint Security, Tanium Protect, Cisco AMP, CrowdStrike. Direct experience managing and troubleshooting multiple the identified endpoint security products Other industry certifications such as CISSP, GCIH, CEH, etc. are a plus. Working knowledge of VMWare Solutions (vCenter and VSAN a big plus) Working knowledge of Windows Active Directory Domains Working Knowledge of various Linux OS Strong Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute). Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of cybersecurity and privacy principles. Knowledge of cyber threats and vulnerabilities. Knowledge of encryption algorithms, cryptography, and cryptographic key management concepts. Knowledge of hostnetwork access control mechanisms (e.g., access control list, capabilities lists). Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). Knowledge of incident response and handling methodologies. Knowledge of network traffic analysis methods. Knowledge of key concepts in security management (e.g., Release Management, Patch Management). Knowledge of what constitutes a network attack and it's relationship to both threats and vulnerabilities. Knowledge of defense-in-depth principles and network security architecture. Knowledge of cyber attackers (e.g., script kiddies, insider threat, nationnon-nation state sponsored). Knowledge of system administration, network, and operating system hardening techniques. Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Signature implementation impact for viruses, malware, and attacks. Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). Knowledge of network protocols such as TCPIP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. and must be able to pass background check(s) dcejobs Id 42740

Keywords: Swoon Group, Austin , Security Engineer (Tier 3 End Point) (Microsoft Defender ATP), Other , Austin, Texas