CrowdStrike Engineer

About The Position

Requirements

• Bachelor’s in computer science, business, or other relevant discipline
• 2-5 years of experience in defining security, utilization, and performance requirements in mid-to-large sized enterprise environments within CrowdStrike, Microsoft Defender, etc.
• Ability to obtain a Secret Clearance

Nice To Haves

• One or more of the following certifications: CrowdStrike Certified Falcon Administrator (CCFA) or platform equivalent CrowdStrike Certified SIEM Engineer (CCSE) or platform equivalent CrowdStrike Certified Cloud Specialist (CCCS) or platform equivalent
• Extensive demonstrated experience in design, deployment, optimization, and advanced troubleshooting of EDR platforms such as CrowdStrike, Microsoft Defender, etc. within a large, distributed (10,000+ endpoints, 10+ sites) enterprise environment
• Experience with creating and updating policies, protection rules, installing services/applications, removing duplicate records, and troubleshooting issues with the EDR sensor, cloud platform, and related applications Examples of past experience include: resolving application performance related issues, configuring dynamic grouping, and experience interpreting Windows and Linux system logs
• Familiarity with manual and automated (deployed) application installation procedures on Windows systems, Linux systems, and macOS, iOS, and iPadOS systems
• Proven ability to architect, implement, and manage complex firewall rules, access rules, indicators of attack (IOAs), indicators of compromise (IOCs), EDR/NGAV machine learning (ML) exclusions, security configuration policies, and USB device protection/control policies
• Experience providing Tier 3 support to IT and security teams
• Advanced experience in creating EDR/NGAV reports and dashboards for security analytics, event trending, compliance auditing, and executive-level presentations from platforms such as CrowdStrike, Microsoft Defender, etc
• Demonstrated ability to mentor junior engineers, provide technical leadership, and review the work of less-experienced team members, fostering a collaborative working and learning environment
• Expert ability to collaborate effectively with IT managers, security teams, and other stakeholders to validate configurations, lead discussions on policy enhancements, and provide advanced training
• Strong technical writing skills for developing and maintaining comprehensive documentation, standard operating procedures (SOPs), basic end user guides, and advanced IT troubleshooting guides
• Exceptional verbal and written communication skills, including the ability to provide detailed progress, exception, and incident reports for technical audiences, as well as summarized, easy-to-understand reports for non-technical and executive audiences

Responsibilities

• Architecting, configuring, operating, and maintaining client's platforms in areas such as protection suite, which covers approximately 3,000 Windows/Linux Servers and Cloud Workloads, and approximately 18,000 Internal Workstations, including up to 3,000 Virtual Desktop (VDI) workstations
• Maintenance and configuration tasks for the EDR/NGAV platform may include but shall not be limited to: Assisting with troubleshooting automated deployment installation issues; Administering and maintaining the cloud platform, including user roles, policies, dynamic groupings, and other configuration items; Creating, updating, enabling and disabling policies as required, including: EDR sensor update policies, content update policies, next‑generation antivirus (NGAV) prevention policies, Identity Protection policies, USB device policies, endpoint response policies, firewall policies, Falcon icon policies, and host retention policies; Configuring and deploying any additional EDR/NGAV feature modules; Creating dashboards and reports, as directed; Troubleshooting data integrity issues in the platform; Architecting/designing host group structures that enable the most efficient application of the above policies
• Adhere to federal government and industry best practices when making configuration and architecture recommendations
• Firewall protection enabled & enforced on all endpoints/workstations and servers, to secure them against unauthorized ingress and egress traffic
• Endpoint antivirus and anti-malware protection enabled & enforced for desktops, laptops, tablets, and VDIs, including Windows and macOS operating systems
• Server antivirus and anti-malware protection enabled & enforced for physical, virtual, and cloud-hosted servers, including Windows and Linux operating systems
• Detect and block attacks, intrusions, and exploits, including, but not limited to: viruses, trojans, keyloggers, adware/spyware, password crackers, and potentially unwanted programs (PUPs)
• Support the client's Security Operations Center (SOC) in safely investigating & evaluating suspected malware that is identified by the CrowdStrike application.
• Assist in Incident Response handling and EDR actions as required by providing CrowdStrike telemetry data and analysis
• Provide advice to the client's SOC on emerging threats identified by the CrowdStrike platform
• Support ongoing integration between EDR/NGAV platforms and the client's SOC’s SIEM platform
• Coordinate software updates with EEUT staff and other impacted stakeholders as required.
• Ensure tight integration with existing enterprise operating system baselines
• Conduct testing and analysis as required, in support of ongoing integration requirements with enterprise IT operations
• Provide Tier 3 support
• Maintain a library of current application configurations, in support of IT operations and SPA&A (Security, Privacy Assessment & Authorization) requirements
• Provide EDR program support to the Program Manager, Project Manager, Chief Information Security Officer, and Chief Information Officer as required
• Provide reports and data feeds in support of endpoint security dashboard views, including servers, workstations, virtual machines (on-prem/cloud), laptops, tablets, and mobile devices
• Regularly attend change control, weekly status, and project planning meetings. Submit change requests as needed.
• Resolve service request & incident report tickets and provide timely responses to customers
• Provide planning, design, and integration support for EDR/NGAV as required to assist in the client’s Zero Trust Architecture implementation

Benefits

• A competitive Medical, Dental, and Vision plan
• Retirement Savings Plan
• Life Insurance
• AD&D Insurance
• Short Term and Long Term Disability Insurance
• 3 weeks of annual PTO
• 11 days of Holiday PTO
• Performance Awards
• Referral Bonus Plan (of up to $5,000/year)
• Education Reimbursement/Training (of up to $2,500/year)