Overview
Skills
Job Details
This is a contract to hire fully remote Cybersecurity Engineer/ Sentinel One and Netskope in the Louisville, KY area. S
No Corp to Corp, H1B and No Sponsorship provided- no outside vendors
Candidate Description
The Security Engineer – Endpoint Detect and Respond (EDR) Specialist is expected to have experience in configuring, tuning, and managing various EDR security tools, preferably Sentinel One
Experience with firewalls and IDS tuning, configuration, and management a plus.
Experience with Netskope needed as well
The Tier 3 Security Engineer – This individual will be required to utilize an ITSM Ticketing system to track and record work performed in tuning of EDR solutions, providing accounts, creation, and management of change processes for managing applying patching and performing upgrades to various EDR Platforms.
Security Engineers are responsible for:
· Determining service impact of security tools.
· Working tickets via ticketing system.
· Creating tickets for various needs of Security Engineering.
· Research and data collection of events of interest to tune security tools.
·
· Developing and deploying Indicators of Compromise (IOCs) and associated rules.
· Creating documentation for security tools.
Responsibilities
· Document and escalate requests for tuning, upgrades, account creations, and patching of security tools.
· Receive and analyze requests for tuning.
· Provide timely responses to requests for tuning and change management.
· Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
· Assist in the construction of signatures which can be implemented on security tools in response to new or observed threats within the network environment or enclave.
· Provide guidance and mentorship to Tier 2 Security Engineering personnel.
· Contribute to the creation of process documentation and training materials.
·
Qualifying Experience and Attributes
· Three (3) to five (5) years of Security Engineering, security tool administration and/or content creation.
· CompTIA Security + certification (or equivalent/higher)
· Experience with EDR Solutions from one or more of the following vendors: SentinelOne (preferred), Crowdstrike, or McAfee.
· Experience with other Security technologies such as, NetSkope, McAfee NSM, TippingPoint, FireEye, InfoCyte, Fortigate suite, is a plus.
· Able to use the internet to do research on events of interest.
· Working knowledge of cybersecurity and privacy principles.
· Working knowledge of cyber threats and vulnerabilities.
· Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
· Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
· Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
· Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
· Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
· Knowledge of TCP/IP - addressing, routing protocols, and transport protocols (UDP and TCP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.
· Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
· Knowledge of escalation, incident management and change management processes and procedures of the Security Operations.
· Possess good communication and interpersonal skills.
· Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
· Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
· Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
· Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
· Knowledge of various types of Cloud Architecture, Cloud data flows, and Cloud security frameworks.
· Vendor certifications preferred.
· must be able to pass background check(s).