Epicareer Might not Working Properly
Learn More

MTS 2, Information Security

Salary undisclosed

Apply on

Availability Status

This job is expected to be in high demand and may close soon. We’ll remove this job ad once it's closed.


Original
Simplified

Job Description Summary

We are seeking an experienced Senior Information Security Engineer SME with specialization in anti-malware/anti-virus solutions, Endpoint Detect and Response and Network Intrusion Detection Systems, with log analysis using SIEM tools such as Splunk. The ideal candidate should also have strong experience with standing up solutions selected by the business while providing operational guidance, architecture design, integrations including SSO, SIEM, monitoring and other platform integrations, cyber security expertise, incident response collaboration experience, proficiency in vulnerability detection solutions, File Integrity Monitoring (FIM) control and policy configuration experience, operational acumen, and a solid understanding of TCP/IP networking. This role involves architecting, implementing, and maintaining security solutions to protect our infrastructure and end user computing environments, leveraging platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint, Skyhigh Web Gateway, Trellix Endpoint Security for Storage, and Cisco Firepower Intrusion Detection Systems. The ideal candidate should also have extensive experience in configuring policy, integrations and providing platform support for multiple SaaS based security tools to act as the internal L3 escalation point for tool users and as a liaison between the users and vendor contacts for tools such as Cisco Umbrella, ThreatConnect and Palo Alto Cortex Xpanse.

Key Responsibilities:

Security Solutions Implementation and Management:

  • Anti-malware/Anti-virus/Endpoint Detect and Response: Deploy, configure, and manage endpoint protection solutions to defend users and endpoints from malicious content.
  • AV/EDR Policy Configuration: Implement and maintain platforms such as CrowdStrike Falcon, Microsoft Defender for Endpoint to protect against common threats. Configure policies to provide a balance between security and user/endpoint operational impact.

Log Analysis and Monitoring:

  • SIEM Utilization: Analyze logs using Security Information and Event Management (SIEM) tools such as Splunk and Datadog to identify and respond to security incidents. Implement and manage log aggregation and monitoring solutions.
  • Incident Response: Lead incident response efforts, providing root cause analysis, forensics, and remediation.

Deployment and Onboarding:

  • Software Package Deployment: Manage the creation of endpoint security software packages for deployment via software distribution tools such as SCCM, JAMF, Puppet to ensure coverage to all endpoints in the environment.

Vulnerability Detection:

  • Endpoint Vulnerability Detection: Manage and operationalize the vulnerability detection capabilities of endpoint security software tools for distribution and ingestion via aggregation platforms for consumption by the vulnerability management teams via platform integrations.

Cyber Security:

  • Threat Analysis: Conduct thorough cyber security threat analysis and implement mitigation strategies to protect the organization’s assets.
  • Policy Development: Develop and enforce cyber security policies, standards, and best practices to ensure a secure operating environment.
  • Risk Management: Perform regular cyber security risk assessments and develop comprehensive risk management strategies.

Cloud Security:

  • Cloud Platforms: Leverage cloud security best practices to protect services hosted on AWS, Azure, and GCP. Ensure secure configurations, access controls, and monitoring are in place.
  • IAM: Manage identity and access management (IAM) policies to enforce least privilege and secure access to cloud resources.

Networking Expertise:

  • TCP/IP Networking: Apply a solid understanding of TCP/IP networking principles to design, implement, and troubleshoot secure network configurations and protocols.

Collaboration and Compliance:

  • Team Collaboration: Work closely with development, operations, network, and security teams to ensure cohesive and comprehensive security measures.
  • Communication Channels: Utilize various communication channels effectively, including meetings, emails, Slack, and MS Teams, to collaborate efficiently with team members and other stakeholders.
  • Compliance: Ensure alignment with industry standards and regulatory requirements such as GDPR, SOX, and PCI-DSS. Participate in compliance audits and risk assessments.

Training and Mentorship:

  • Education: Provide guidance and training to junior team members and other stakeholders on best practices for edge and cloud security, including the use and management of WAF, DDoS protection, and bot management products.

Preferred Qualifications:

  • Experience: 8+ years of experience in a Information Security Engineer role with a strong focus on endpoint AV/EDR, infrastructure based anti-malware solutions and network IDS products (Crowdstrike Falcon, Microsoft Defender for Endpoint, SkyHigh Web Gateway, Trellix Endpoint Security for Storage, and Cisco Firepower Intrusion Detection Systems.)
  • Technical Skills:Strong experience with performing solution stand-up including architectural design and implementation.
    Strong experience with modern antimalware and endpoint detect and response solutions (CrowdStrike Falcon and Microsoft Defender for Endpoint)
    Experience with infrastructure focused antimalware solutions providing secure ICAP server services (Skyhigh Web Gateway)
    Experience with infrastructure focused antimalware solutions providing enterprise storage (NetApp) Antivirus services. (Trellix Endpoint Security for Storage)
    Experience in providing integrations with platforms such as SSO and SIEM tools.
    Expertise in log analysis and monitoring using SIEM tools like Splunk.
    Solid understanding of TCP/IP networking, network security principles, firewalls, IDS/IPS, and secure communication protocols
    Familiarity with cloud security best practices and secure configurations on AWS, Azure, and GCP.
    Knowledge of software deployment solutions and providing packages for deployment tools (SCCM, JAMF, Puppet)

Soft Skills:

  • Problem-Solving: Excellent analytical and problem-solving skills.
  • Communication: Strong communication and collaboration abilities.
  • Leadership: Proven leadership and mentorship capabilities.
  • Team Player: Strong ability to work effectively within a team environment and collaborate across various teams.
  • Adaptability: Ability to work independently and handle multiple, complex priorities in a fast-paced environment.