TEKsystems Security Engineer Tier 2 - EDR in Austin, Texas
The Tier 2 Security Engineer – EDR Specialist supports Security Operations in managing and tuning various EDR solutions to provide optimal service levels to multiple customers and customer environments. This may include managing and optimizing custom configurations for individual customers. This individual will be required to use an ITSM ticketing system to track and record work performed in tuning EDR solutions, providing accounts, and creating and managing change processes for applying patches and performing upgrades to various EDR platforms.
Tier 3 Security Engineers are responsible for:
• Determining service impact of security tools.
• Alerting SOC (Security Operations Centers) of possible impacts due to misconfigurations and/or updates.
• Working tickets via ticketing system.
• Creating tickets for various needs of Security Engineering.
• Research and data collection of events of interest to tune security tools.
• Engaging support of Tier 3 EDR Engineers, Tier 3 Analysts, Network Operations Center (NOC), Network Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.
• Developing and deploying Indicators of Compromise (IOCs) and associated rules.
• Creating/updating documentation for security tools.
• Document and escalate requests for tuning, upgrades, account creations, and patching of security tools.
• Receive and analyze requests for tuning.
• Provide timely responses to requests for tuning and change management.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Assist in the construction of signatures which can be implemented on security tools in response to new or observed threats within the network environment or enclave.
• Contribute to the creation of process documentation and training materials.
• Be able to work a rotating on-call schedule as required.
• Be able to work nights and weekends, as required, for maintenance and incident response.
Qualifying Experience and Attributes
• Three (3) to five (5) years of Security Engineering, security tool administration and/or content creation.
• CompTIA Security+ certification (or equivalent/higher).
• Experience with EDR solutions from one or more of the following vendors: SentinelOne (preferred), CrowdStrike, or McAfee.
• Experience with other security technologies, such as McAfee NSM, TippingPoint, FireEye, InfoCyte, or the FortiGate suite, is a plus.
• Able to use the internet to do research on events of interest.
• Working knowledge of cybersecurity and privacy principles.
• Working knowledge of cyber threats and vulnerabilities.
• Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
• Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
• Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of TCP/IP - addressing, routing protocols, and transport protocols (UDP and TCP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open Systems Interconnection Model (OSI), Information Technology Infrastructure Library, current version (ITIL)).
• Knowledge of escalation, incident management and change management processes and procedures of the Security Operations.
• Possess good communication and interpersonal skills.
• Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
• Knowledge of various types of Cloud Architecture, Cloud data flows, and Cloud security frameworks.
• EDR Vendor certifications preferred.
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
We are an equal opportunity employer and will consider all applications without regard to race, genetic information, sex, age, color, religion, national origin, veteran status, disability or any other characteristic protected by law. Applicants with disabilities that require an accommodation or assistance a position, please call 888-472-3411 or email email@example.com. This is a dedicated line designed exclusively to assist job seekers whose disability prevents them from being able to apply online. Messages left for other purposes will not receive a response.