CyberSecurity Engineer, Identity Protection – Tier 3

Role Overview

• Deploy and configure Endpoint Detection and Response (EDR) agents across client environments. Customize detection policies to minimize false positives and ensure seamless client business operations.
• Analyze EDR telemetry to detect "living off the land" attacks and anomalies that traditional antivirus would miss.
• Actively monitor client endpoints for malicious indicators. When threats are detected, immediately isolate compromised devices and communicate the scope of the incident to the customer and cross-functional teams supporting the customer.
• Generate monthly executive summaries for clients detailing blocked attacks, health status, and ROI on their security investment.
• Schedule and run next-gen vulnerability scans on client networks and execute penetration tests as applicable against client assets.. Review the results with the client's (or their IT point-of-contact), prioritize critical patches, and verify their remediation.
• Monitor for threats and vulnerabilities specific to “Smart Home” and Internet of Things (IoT), alert impacted clients, and assist clients in the hardening of their home networks and IoT devices.
• Proactively monitor the Dark Web and criminal forums for our clients' compromised credentials, leaked intellectual property, or domain spoofing.
• Work with cross-functional teams to alert clients immediately upon discovery of leaked data and provide specific instructions on changing passwords or locking down accounts.
• Manage the credit monitoring platform, and alert clients to changes in credit scores, new credit inquiries/accounts and other identity alerts that could indicate fraudulent activity.
• In conjunction with Client Success Managers, serve as the dedicated case manager for confirmed identity theft incidents. Handle the end-to-end resolution process so the client does not have to navigate the bureaucracy alone.
• Assist in the restoration of compromised accounts, including synthetic identity fraud, medical identity theft, and tax refund fraud.
• Actively hunt for client PII on people-search sites and data broker databases. Manage the "opt-out" and removal process to minimize their public attack surface.
• Identify repetitive manual tasks (e.g., alert triage, monthly reporting, initial containment) and build SOAR playbooks or scripts (Python/PowerShell) to automate them.
• Evaluate and implement AI-driven tools to enhance threat detection accuracy. Utilize Machine Learning features within our stack to reduce "alert fatigue" and false positives.
• Continuously assess our toolset's architecture. optimize API integrations between our Identity platforms, EDR, and ticketing systems to ensure we can handle increased client volume without linear headcount growth.
• Conduct "Post-Mortem" reviews after incidents or complex identity cases to identify process gaps, updating standard operating procedures (SOPs) to be faster and smarter next time.
• Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
• Develop custom scripts, tools, or methodologies to enhance our Incident Response processes
• Develop comprehensive and accurate reports of forensic findings and Incident Response activities for both technical and executive audiences
• Be part of an on-call rotation and escalation team
• Participate in knowledge transfer sessions, product training and other strategic initiatives as needed
• Maintain working knowledge of BlackCloak’s solutions, platform features and best practices
• Mentor and support Client Success and Security Team Members
• Work closely with the engineering and product teams to continuously improve BlackCloak products
• Perform research and development on the latest cyber security attack and defense trends
• Work with the sales team to do technical demonstrations and provide subject matter expertise
• This position will require occasional time on nights and weekends to address client incidents, emergency onboardings and issues.

Requirements

• 3-5+ years of experience in Cybersecurity, Fraud Analysis, or Security Engineering
• A college degree in an Information Technology (IT/CS/CE) related discipline is a plus, with equivalent experience also considered
• Industry recognized information security certifications a plus:
• CISSP
• CCSP
• CFCE
• GIAC
• OSCP
• OSCE
• Security+
• CEH
• Penetration and vulnerability testing experience
• Windows and macOS forensic investigation and vulnerability management experience
• Experience in deploying, managing, and optimizing EDR tools to effectively detect, respond to, and mitigate threats
• Being able to correlate assets across multiple systems to ensure operational clarity and coverage is a must.
• Experience developing detection alerting using automation, orchestrating detection logic to trigger responses, and developing efficient security workflows.
• Experience with client service, communicating complex technical concepts, and a strong analytical mind required.
• Technical knowledge of operating systems such as Windows, macOS, iOS, Android, Linux
• Solid understanding of the US Credit System (Bureaus, FICO, FCRA rights).
• Experience managing identity monitoring platforms (alerts on Credit, SSN, PII)
• Operate independently and efficiently to manage multiple tasks and priorities simultaneously and successfully
• High degree of interpersonal communication skills and discretion for client privacy

Tech Stack

• Android
• Cyber Security
• iOS
• IoT
• Linux
• MacOS
• Python

Benefits

• 100% Remote Company, within the USA
• Comprehensive Medical, Dental, and Vision plans with a 100% employer-paid monthly premium option for employees & 50% employer-paid monthly premiums for dependents.
• Health Savings Account with company contribution for eligible medical plans.
• Flexible Vacation Plan
• 10 Paid Company Holidays
• 100% employer-paid Life, AD&D and Short
• and Long-Term Disability Insurance
• 401k with Traditional and Roth options, including employer match.
• Company Equity
• Paid Parental and Pregnancy Recovery Leave
• Company and team off-sites and virtual events throughout the year
• Home office stipend