Senior Microsoft Defender Engineer

About The Position

Requirements

• Active Secret clearance.
• 12+ Years of relevant experience (Bachelor’s Degree in applicable field may be substituted for 5 years of experience).
• Required DoD 8140 compliant certification such as CompTIA Security+
• Extensive experience with Microsoft Defender for Endpoint, Cloud, and Servers.
• Strong experience with endpoint security, threat hunting, and incident response.
• Strong experience with SIEM solutions, especially Microsoft Sentinel.
• Experience automating workflows with automation tools
• Experience administering and working with Linux operating systems, specifically Red Hat Enterprise Linux
• Excellent leadership and team management skills, with the ability to mentor and guide a team to achieve security objectives.
• Strong analytical and problem-solving skills to address complex security tooling challenges.
• Excellent communication and collaboration skills to interact effectively with stakeholders at all levels.
• Understanding of industry compliance standards (e.g., NIST) and relevant regulations (e.g., GDPR, HIPAA) is advantageous.
• Willingness to stay updated with the latest cybersecurity trends and emerging security tools.

Nice To Haves

• Other relevant cybersecurity certifications like Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), are a plus.
• ServiceNow integrated workflows/automation
• Microsoft Active Directory/Entra
• Microsoft Federation Services
• Microsoft PowerBI Dashboarding
• Advanced PowerShell scripting or prior software development experience
• DoD PKI

Responsibilities

• Overseeing Endpoint Detection and Response (EDR): Guide mid-level engineers in deploying and fine-tuning EDR solutions to monitor and respond to threats in real-time. Review and approve automated response playbooks created by your team.
• Leading Next-Generation Antivirus (NGAV) Implementation: Supervise the setup and configuration of NGAV to provide behavioral-based protection. Ensure NGAV algorithms are optimized for peak performance under your team’s management.
• Directing Threat & Vulnerability Management: Oversee continuous vulnerability assessments conducted by your team and provide remediation recommendations. Develop and execute strategies to mitigate endpoint vulnerabilities in collaboration with the larger vulnerability management team, ensuring your team’s plans align with organizational goals.
• Managing Attack Surface Reduction: Lead the implementation and maintenance of rules and controls to minimize the attack surface of endpoints. Regularly review and update your team’s strategies to stay ahead of emerging threats.
• Supervising Cloud-Delivered Protection: Ensure your team integrates real-time updates and threat intelligence from the Microsoft cloud. Monitor and adjust cloud-delivered protection features configured by your team.
• Integrating with SIEM Solutions: Guide your team in seamlessly connecting Microsoft Defender with Microsoft Sentinel and other SIEM tools. Review and approve centralized logging, analytics, and reporting dashboards created by your team.
• Ensuring Cross-Platform Protection: Guarantee comprehensive security across Windows, Linux, and mobile devices under your team’s management. Manage and monitor security solutions on diverse platforms, ensuring your team’s configurations are effective.
• Delivering Comprehensive Reporting and Analytics: Oversee the creation of detailed reports on security posture, incidents, and compliance by your team. Approve customizable dashboards and alerts developed by your team to keep the security operations center informed.
• Deploying Windows Defender Application Control (WDAC): Lead the design, implementation, and management of WDAC policies to control which applications can run on endpoints. Ensure your team’s WDAC configurations align with organizational security policies and compliance requirements. Monitor and update WDAC policies to adapt to changing threat landscapes and business needs, providing guidance and oversight to your team.
• Integrating Microsoft Defender, Intune, and Purview for Data Loss Prevention (DLP): Oversee the implementation and management of DLP policies using Microsoft Defender for Endpoint. Ensure sensitive data on endpoints is monitored, classified, and protected against unauthorized access or exfiltration. Lead the configuration and enforcement of device compliance and app protection policies using Microsoft Intune. Guide the discovery, classification, and protection of sensitive data across the organization using Microsoft Purview. Create and enforce DLP policies in Microsoft 365 and other cloud services to ensure data compliance and security. Monitor and report on DLP incidents, providing detailed alerts and insights to the security team. Integrate Microsoft Defender, Intune, and Purview to create a robust, layered DLP strategy. Ensure a comprehensive view of DLP incidents across endpoints, mobile devices, and cloud services. Set up unified reporting and alerts for any policy violations or data exfiltration attempts.
• Applying the System Engineering Lifecycle: Use your expertise in the System Engineering Lifecycle to guide your team in designing, implementing, and maintaining cutting-edge Microsoft Defender solutions. Ensure all security solutions align with organizational goals and compliance requirements.

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.