Perform Resident Engineer (Extended Expertise) support focused on Endpoint Protection
Provide endpoint protection and response expertise including incident response, threat hunting, and SOC support
Assist with Splunk log parsing, XDR deployment, and cloud security monitoring
Help with customer enablement, troubleshooting, and best-practice guidance
Requirements
10+ years of relevant, professional experience
Experience deploying, operationalizing, troubleshooting, and delivering training on endpoint protection
Experience as a Security Incident Responder or SOC analyst/manager
Familiarity with cloud technologies, providers (GCP, AWS, Azure), and their use cases
Networking experience: TCP/IP, the OSI model, troubleshooting, and traffic analysis
Experience in customer-facing roles
Familiarity with machine learning and its various applications within cybersecurity
Threat hunting and detection engineering experience: tuning alerts, developing custom BIOCs, and developing correlation rules for new log sources
Experience with log ingestion and parsing rules for XDR
Ability to develop and maintain scripts in Python or PowerShell is a plus
Experience with SIEM tools, such as Splunk
Basic Linux system administration and troubleshooting experience