MEDR Threat Engineer

About The Position

Requirements

• 4+ years of experience with IT in a professional work environment
• 3+ years of experience with deployment, configuration, or maintenance to support Enterprise EDR Solutions, including CrowdStrike Falcon, Microsoft Defender, and/or Sentinel One
• 3+ years of experience in EDR and/or AV; previous work in malware and attack analysis (is Plus), research, investigation, and response highly desirable
• 1+ years of experience with performing systems administration, including basic troubleshooting and installation, monitoring system performance or availability and performing security upgrades
• Knowledge of network security architecture concepts including topology, protocols, components, and principles
• Knowledge of various Enterprise Operating System (OS) configurations and management tools for use during deployment, configuration, and management of EDR solutions

Nice To Haves

• Good to have experience working in a Security Operations Center (SOC) environment including Incident Response, Vulnerability Scanning, Threat Hunting, Network Monitoring/Log Management, or Compliance Management
• Good to have experience with complimentary Enterprise Security Tools including Security Information & Event Management (SIEM), Threat Intelligence Platforms (TIPs), or Network Monitoring Tools
• Experience with triaging security events in a security operations center (SOC) environment, leveraging data collected from enterprise security solutions
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
• Ability to integrate Cybersecurity data using enterprise or custom tools data aggregation and analysis tools, including Splunk and Elastic
• Additional experience in Cisco Secure Endpoint and Sophos are pluses

Responsibilities

• Act as the SME for initiatives that enhance EDR visibility, detection, and prevention for Windows, macOS, and Linux
• Develop and enhance SOAR workflows and playbooks, integrating them with EDR systems for more effective incident response and threat management
• Innovate and implement sophisticated SOAR solutions, including custom automated workflows and orchestration that address high-level security challenges
• Define and maintain strategy and roadmap for Carbon Black and CrowdStrike, and Sentinel One’s Detection functionalities with other team members, and other departments.
• Collaborate closely with SOC, Managed/Hosted SIEM team to understand threat and attack trends
• Utilize strategic insight and organizational skills to identify unmet customer needs, define use cases, and advance the functional capabilities of this offering
• Maintain, administer and provide end point security management tools (anti-virus, data loss prevention, web/spam filtering, etc.)
• Assist customers with viruses and system vulnerabilities/threats
• Implement efficiencies and create strategies to better detect/respond to cyber incidents, alerts and detections.
• Escalate detections/incidents/alerts to our customers through the ITSM/ITIL tools

Benefits

• Peer training and mentoring with upward mobility
• Health, Dental and Vision plans available first of the month and other benefits available from day 1
• Unlimited Flex Time Off
• 401K plan
• Gym reimbursement
• Employee Assistance Program
• Life and Voluntary Life Insurance programs
• A culture that is flat enough for you to have a “seat at the table”, but layered enough to provide you with mentoring and support
• A place to work where security is considered a “team sport” – we work together to identify and stop cyber attacks