Metronome LLC has an immediate need for an experienced Endpoint Security Engineer for a new customer on a highly-visible and strategic Cybersecurity Task Order. The Endpoint Security Engineer will be responsible for implementing and operationalizing host-based defensive capabilities using endpoint protection (EPP) and detection response (EDR) products, as well as other endpoint security tools/controls. The ideal candidate is a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer

Primary Responsibilities:

• Lead, manage, and understand the entire endpoint security lifecycle: obtain visibility, minimize surface area of attack, prevent and detect threats, investigate and respond, and remediate
• Deploying, configuring, operating, monitoring, tuning, upgrading, and troubleshooting endpoint security tools
• Collaborate, guide, and assist engineering with the deployment and centralization of an approved endpoint security solutions across multiple FISMA systems
• Utilize approved tools to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions
• Coordinating with engineering to develop and implement plans to apply patches, hot fixes, and other critical updates as needed
• Build queries, dashboards, and reports for enterprise and leadership awareness
• Work with technical support staff to troubleshoot endpoint tool issues and outages
• Develop and maintain policies and tasks for all related endpoint products
• Develop Standard Operating Procedures (SOPs) for the operation and maintenance of endpoint security tools
• Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards
• Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy

• BS degree in Science, Technology, Engineering, Math or related field and 8+ years of prior relevant experience with a focus on cybersecurity. Additional experience may be considered in lieu of a degree.
• Strong foundational security knowledge, specifically in large and complex organizations
• Prior experience deploying and managing advanced endpoint security solutions: Endpoint Protection (EPP) and Detection Response (EDR). I.E. (McAfee MVISION, CrowdStrike, CarbonBlack, Microsoft Defender, Sophos, SentinelOne)
• Prior experience implementing and maintaining CyberArk.
• Understanding of the current security threat landscape and attack techniques on endpoints.
• At least one of the following certifications:
• SANS GCIA, GCIH, GCFA, GCFE, GREM, GISF, GXPN, GWEB, GNFA, GMON, Offensive Security: OSCP, OSCE, OSWP, OSEE, ISC2: CCFP, CISSP, EC Council: CEH, CHFI, LPT, ECSA, ECIH
• A desire to learn, combined with a collaborative work style and strong personal work ethic
• Strong communication and presentation skills, both verbal and written.
• Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program

• Certifications in relevant security products would be beneficial (e.g., Tanium Certified Operator / Administrator, CrowdStrike Certified Falcon Administrator / Responder / Hunter
• Direct support of SOC analyst and/or experience working in a SOC a plus
• Familiarity of frameworks like MITRE ATT&CK a plus.
• Knowledge and understanding on how to create and implement custom signatures to detect attack behaviors and patterns. I.E. Indicators of Attack (IOAs) detection rules
• Experience with triaging and investigating hosts through EDR and EPP solutions