BlackCloak’s mission is to protect corporate executives and high-profile individuals in their personal lives. They are seeking a Cybersecurity & Identity Protection Engineer to provide a comprehensive digital bodyguard service, focusing on securing endpoints, managing EDR solutions, and conducting vulnerability assessments for client safety.
Responsibilities:
- Deploy and configure Endpoint Detection and Response (EDR) agents across client environments. Customize detection policies to minimize false positives and ensure seamless client business operations
- Analyze EDR telemetry to detect "living off the land" attacks and anomalies that traditional antivirus would miss
- Actively monitor client endpoints for malicious indicators. When threats are detected, immediately isolate compromised devices and communicate the scope of the incident to the customer and cross-functional teams supporting the customer
- Generate monthly executive summaries for clients detailing blocked attacks, health status, and ROI on their security investment
- Schedule and run next-gen vulnerability scans on client networks and execute penetration tests as applicable against client assets. Review the results with the client (or their IT point-of-contact), prioritize critical patches, and verify their remediation
- Monitor for threats and vulnerabilities specific to “Smart Home” and Internet of Things (IoT), alert impacted clients, and assist clients in the hardening of their home networks and IoT devices
- Proactively monitor the Dark Web and criminal forums for our clients' compromised credentials, leaked intellectual property, or domain spoofing
- Work with cross-functional teams to alert clients immediately upon discovery of leaked data and provide specific instructions on changing passwords or locking down accounts
- Manage the credit monitoring platform, and alert clients to changes in credit scores, new credit inquiries/accounts and other identity alerts that could indicate fraudulent activity
- In conjunction with Client Success Managers, serve as the dedicated case manager for confirmed identity theft incidents. Handle the end-to-end resolution process so the client does not have to navigate the bureaucracy alone
- Assist in the restoration of compromised accounts and in resolving synthetic identity fraud, medical identity theft, and tax refund fraud
- Actively hunt for client PII on people-search sites and data broker databases. Manage the "opt-out" and removal process to minimize their public attack surface
- Identify repetitive manual tasks (e.g., alert triage, monthly reporting, initial containment) and build SOAR playbooks or scripts (Python/PowerShell) to automate them
- Evaluate and implement AI-driven tools to enhance threat detection accuracy. Utilize Machine Learning features within our stack to reduce "alert fatigue" and false positives
- Continuously assess our toolset's architecture and optimize API integrations between our Identity platforms, EDR, and ticketing systems to ensure we can handle increased client volume without linear headcount growth
- Conduct "Post-Mortem" reviews after incidents or complex identity cases to identify process gaps, updating standard operating procedures (SOPs) to be faster and smarter next time
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
- Develop custom scripts, tools, or methodologies to enhance our Incident Response processes
- Develop comprehensive and accurate reports of forensic findings and Incident Response activities for both technical and executive audiences
- Be part of an on-call rotation and escalation team
- Participate in knowledge transfer sessions, product training and other strategic initiatives as needed
- Maintain working knowledge of BlackCloak’s solutions, platform features and best practices
- Mentor and support Client Success and Security Team Members
- Work closely with the engineering and product teams to continuously improve BlackCloak products
- Perform research and development on the latest cyber security attack and defense trends
- Work with the sales team to do technical demonstrations and provide subject matter expertise
- This position will require occasional time on nights and weekends to address client incidents, emergency onboardings and issues. There is a potential for limited travel
Requirements:
- 3-5+ years of experience in Cybersecurity, Fraud Analysis, or Security Engineering
- A college degree in an Information Technology (IT/CS/CE) related discipline is a plus, with equivalent experience also considered
- Industry recognized information security certifications a plus: CISSP, CCSP, CFCE, GIAC, OSCP, OSCE, Security+, CEH
- Privacy and identity theft risk management certifications a plus: CIPP, CIPA
- Penetration and vulnerability testing experience
- Windows and macOS forensic investigation and vulnerability management experience
- Experience in deploying, managing, and optimizing EDR tools to effectively detect, respond to, and mitigate threats
- Being able to correlate assets across multiple systems to ensure operational clarity and coverage is a must
- Experience developing detection alerting using automation, orchestrating detection logic to trigger responses, and developing efficient security workflows
- Experience with client service, communicating complex technical concepts, and a strong analytical mind required
- Technical knowledge of operating systems such as Windows, macOS, iOS, Android, Linux
- Solid understanding of the US Credit System (Bureaus, FICO, FCRA rights)
- Experience managing identity monitoring platforms (alerts on Credit, SSN, PII)
- Operate independently and efficiently to manage multiple tasks and priorities simultaneously and successfully
- High degree of interpersonal communication skills and discretion for client privacy