25-1069: Network Detection and Response (NDR) Architect

About The Position

Requirements

• Deep understanding of network protocols (TCP/IP, DNS, HTTP, etc.) and OSI model
• Proficiency in network security architectures and best practices
• Strong knowledge of common attack vectors and techniques (e.g., APTs, malware, DDoS)
• Expertise in one or more NDR platforms (ExtraHop, Darktrace, Vectra, etc.)
• Familiarity with SIEM and SOAR technologies
• Understanding of encryption technologies and PKI
• Knowledge of cloud security principles and practices
• Proficiency in at least one scripting language (Python, PowerShell, Bash)
• Experience with API integration and automation
• Ability to develop custom tools and scripts for security analysis
• Strong analytical thinking and problem-solving abilities
• Experience in interpreting complex data sets and identifying patterns
• Ability to think like an attacker to anticipate and mitigate threats
• Excellent written and verbal communication skills
• Strong leadership and team collaboration abilities
• Ability to explain complex technical concepts to non-technical audiences
• Proactive and self-motivated with a passion for cybersecurity
• Active Secret Clearance Required

Nice To Haves

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field
• 5+ years of experience in network security or related roles
• Relevant certifications such as:
• ExtraHop Certified Professional
• Certified Information Systems Security Professional (CISSP)
• GIAC Security Expert (GSE)
• Certified Ethical Hacker (CEH)
• Cisco Certified Network Professional (CCNP) Security
• Experience with threat hunting and advanced persistent threat (APT) detection
• Familiarity with regulatory compliance standards (GDPR, HIPAA, PCI DSS, etc.)

Responsibilities

• Architect comprehensive NDR solutions tailored to organizational needs
• Implement and configure NDR platforms like ExtraHop Reveal(x), Darktrace, or Vectra Cognito
• Integrate NDR solutions with existing security infrastructure (SIEM, SOAR, etc.)
• Design and implement network segmentation strategies to minimize attack surface
• Network Traffic Analysis
• Analyze network traffic patterns to identify anomalies and potential threats
• Develop custom detection rules and algorithms for identifying sophisticated attacks
• Utilize machine learning and AI capabilities of NDR tools for advanced threat detection
• Perform regular network behavior analysis to establish baselines and detect deviations
• Incident Response and Forensics
• Lead incident response efforts for network-related security events
• Conduct in-depth forensic analysis of security incidents
• Develop and maintain incident response playbooks
• Coordinate with other security teams during major security events
• Continuous Improvement and Optimization
• Regularly assess and optimize NDR tool configurations
• Stay updated on emerging threats and adjust detection capabilities accordingly
• Conduct periodic security assessments and penetration tests
• Identify and implement new NDR technologies and methodologies
• Reporting and Communication
• Generate comprehensive reports on network security status and incidents
• Present findings and recommendations to both technical and non-technical stakeholders
• Develop and deliver training sessions on NDR tools and best practices
• Collaborate with cross-functional teams to align NDR strategies with business objectives
• Compliance and Governance
• Ensure NDR practices align with relevant regulatory requirements (e.g., GDPR, HIPAA, PCI DSS)
• Develop and maintain documentation for audits and compliance checks
• Contribute to the development of security policies and procedures