Information Security Engineer II - End Point

First United Bank, Plano, TX
Onsite

About The Position

The Information Security Engineer II is responsible for the day-to-day operations, maintenance, and continuous improvement of the organization's endpoint security program. This role centers on the administration of Extended Detection and Response (EDR) technologies, primarily CrowdStrike Falcon, encompassing agent lifecycle management, policy configuration, alert response, threat hunting, and platform reporting. The engineer will manage endpoint firewall policies within CrowdStrike and administer Data Loss Prevention (DLP) solutions including Digital Guardian and/or Microsoft Purview to protect sensitive organizational data. Additionally, this role supports the development and maintenance of secure endpoint baseline configurations aligned to CIS Level 1 Benchmarks. The engineer will provide backup support for vulnerability management functions and will have exposure to complementary security technologies including Palo Alto Next-Generation Firewalls, Forescout CounterAct (Network Access Control), and Mimecast email security. This position operates within a collaborative security team and contributes to the broader corporate security strategy, supporting compliance requirements such as FFIEC, PCI DSS, GDPR, and SOX.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Assurance, Management Information Systems, or a related field — or equivalent professional experience.
  • 3–5 years of experience in cybersecurity engineering or related IT/security operations roles, with demonstrated hands-on experience in endpoint security.
  • Hands-on experience operating CrowdStrike Falcon or equivalent EDR platform, including policy management, detection tuning, and incident response workflows.
  • Experience with endpoint DLP tools such as Digital Guardian, Microsoft Purview, Forcepoint, or similar.
  • Familiarity with endpoint firewall management concepts, rule-set construction, and exception handling processes.
  • Working knowledge of endpoint hardening standards such as CIS Benchmarks (Level 1/Level 2) and DISA STIGs.
  • Experience with vulnerability management tools (e.g., Qualys, Tenable/Nessus) and an understanding of vulnerability prioritization frameworks (CVSS, EPSS, VPR).
  • Familiarity with network access control concepts and technologies (e.g., Forescout CounterAct, Cisco ISE).
  • Exposure to Next-Generation Firewall platforms (e.g., Palo Alto Networks PAN-OS) and basic firewall rule management.
  • Understanding of email security gateways and threat filtering concepts (e.g., Mimecast, Proofpoint).
  • Knowledge of threat hunting methodologies, behavioral analytics, and the MITRE ATT&CK framework.
  • Familiarity with common attack techniques including phishing, lateral movement, privilege escalation, and data exfiltration.
  • Basic malware analysis and digital forensics concepts.
  • Understanding of Windows, macOS, and Linux operating systems from a security and endpoint management perspective.
  • Exposure to SIEM platforms (e.g., ELK, CrowdStrike Next-Gen SIEM) for log correlation and alert investigation.
  • Basic scripting ability (e.g., PowerShell, Python, Bash) for automation and operational efficiency.
  • Strong written and verbal communication skills; ability to convey technical risk to non-technical stakeholders.
  • Excellent analytical, problem-solving, and organizational skills.

Nice To Haves

  • CrowdStrike Certified Falcon Administrator (CCFA), CompTIA CySA+, CompTIA Security+, CEH, GCIA, GCIH, or equivalent industry certification.

Responsibilities

  • Administer, configure, and maintain the CrowdStrike Falcon platform, including agent deployment, agent version management, policy configuration, group management, and sensor health/hygiene across Windows, macOS, and Linux endpoints.
  • Monitor and triage EDR alerts, investigate potential threats and indicators of compromise (IOCs), and drive containment, remediation, and root cause analysis activities.
  • Conduct proactive threat hunting using EDR telemetry, behavioral analytics, and threat intelligence feeds to identify adversarial activity that may evade automated detections.
  • Stay current with CrowdStrike product updates, new module releases, and emerging features; evaluate and implement relevant capabilities to strengthen the security posture.
  • Manage and maintain a robust endpoint firewall policy set within the CrowdStrike platform, including rule creation, tuning, exception handling, and ongoing policy reviews.
  • Implement, operate, and maintain Data Loss Prevention (DLP) solutions on the endpoint, including Digital Guardian and/or Microsoft Purview, ensuring policies are configured to detect and prevent unauthorized data exfiltration or transfer.
  • Administer DLP policies, perform alert triage and investigation, tune detection rules to reduce false positives, and collaborate with data owners and legal/compliance teams on policy enforcement.
  • Contribute to the development and maintenance of secure endpoint baseline images and configurations, aligning to CIS Level 1 Benchmarks and organizational hardening standards.
  • Support vulnerability management operations, including configuring and executing credentialed vulnerability scans (e.g., Qualys/Tenable), reviewing scan results, prioritizing vulnerabilities based on risk, and coordinating remediation with IT teams.
  • Assist with Palo Alto Networks Next-Generation Firewall (NGFW) operations, including rule review, policy tuning, and troubleshooting as needed.
  • Support Forescout CounterAct operations, including policy management, device profiling, and remediation workflows.
  • Assist with Mimecast email security administration, including policy configuration, threat response, and user support.
  • Document security processes, procedures, configurations, alert triage activities, and investigation findings to support compliance, audit, and knowledge management requirements.
  • Participate in change management processes and ensure security controls are assessed prior to changes impacting endpoint environments.
  • Collaborate with outsourced Security Operations Center (SOC) analysts, IT teams, and third-party vendors to coordinate endpoint security efforts and escalate incidents as appropriate.
  • Support compliance with applicable regulatory frameworks (e.g., FFIEC, PCI DSS, CRI Profile) through proper configuration, documentation, and evidence collection.
  • Produce operational reports and metrics related to EDR health, DLP events, firewall policy effectiveness, endpoint compliance, and vulnerability status.
  • Research and evaluate emerging security technologies, threat trends, and industry best practices to recommend improvements to the endpoint security program.
  • Participate in on-call rotation for security incident response as required.
  • Adhere to all company policies and procedures.
  • Perform other related duties as required and assigned.
  • Complete all required compliance training on an annual basis.

Benefits

  • Excellent career opportunities
  • Wide array of benefits
© 2026 Teal Labs, Inc