Endpoint Security Analyst ( R-00081680 )

Description

Leidos has an immediate need for an experienced Endpoint Security Analyst for a new customer on a highly-visible and strategic Cybersecurity Task Order. The Endpoint Security Analyst will be responsible for conduct host-based defensive cyber operations using endpoint detection and response (EDR) products, as well as anti-malware tools and other endpoint security controls. The ideal candidate is a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer

Primary Responsibilities:

• Deploying, configuring, operating, monitoring, tuning, upgrading, and troubleshooting endpoint security tools

• Coordinating and assisting engineering with the deployment and centralization of an approved malware protection tool across multiple FISMA systems

• Utilize approved tools to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions

• Coordinating with engineering to develop and implement plans to apply patches, hot fixes, and other critical updates as needed

• Build queries, dashboards, and reports for enterprise and leadership awareness

• Troubleshoot endpoint tool issues and outages

• Develop and maintain policies and tasks for all related endpoint products

• Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools

• Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards

• Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy

Basic Qualifications

• Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program

• BS degree in Science, Technology, Engineering, Math or related field and 4+ years of prior relevant experience with a focus on cybersecurity

• Prior Experience deploying Endpoint Security Solutions (ESS) including Mcafee ePO, Crowdstrike, Microsoft Defender, and Sophos.

• Strong foundational security knowledge, specifically in large and complex organizations

• Understanding of current security threats and other challenges, as well as frameworks like MITRE ATT&CK

• At least one of the following certifications:

SANS GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON

Offensive Security: OSCP, OSCE, OSWP, OSEE

ISC2: CCFP, CISSP

EC Council: CEH, CHFI, LPT, ECSA, ECIH

• A desire to learn, combined with a collaborative work style and strong personal work ethic

• Strong communication and presentation skills, both verbal and written

Preferred Qualifications

• Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter

• Experience deploying, configuring, and maintaining McAfee point products such as VirusScan Enterprise, Rogue System Detection (RSD), Policy Auditor (PA), Data Loss Prevention (DLP) / Device Control Module (DCM)

• Experience deploying and configuring Crowdstrike Falcon Prevent sensors on endpoints

• Experience with creating and implementing custom IOCs and IOAs in Crowdstrike

• Experience with triaging and investigating hosts using Crowdstrike