EDR Tools Engineer, Lead

Booz Allen

Jun 30

The Challenge:

As an Endpoint Detection & Response (EDR) Engineer, you will implement and optimize next-generation security solutions for customers. You’ll work with in-house teams to identify the right mix of tools, techniques, procedures to translate your customer’s needs and future goals into a plan that will enable secure and effective solutions. In developing the best solutions, you will investigate new techniques, break free from the legacy model, and help customers exceed industry standards. As a team, we’ll take a critical approach to solution design, identifying gaps, providing alternatives, and customizing solutions to maintain a balance of security and business needs. This position is open to remote delivery from any location in the U.S., to include the District of Columbia.

You Have:

  • 8+ years of experience with a Federal Government or commercial security operations center (SOC), or a combination of advanced degrees and professional certifications
  • 5+ years of experience with deployment, configuration, or maintenance to support enterprise EDR solutions, including but not limited to Carbon Black EDR, CrowdStrike Falcon, FireEye HX, Microsoft Defender ATP, or Elastic Endpoint Protection, in either deployment or day-to-day analysis of the solution
  • 3+ years of experience with performing systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users
  • Experience with deployment of an EDR solution in a large customer environment, including 100k+ endpoints
  • Experience with providing status reports for the team activities, including metrics and KPIs
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles
  • Knowledge of various enterprise operating system (OS) configurations and management tools for use during deployment, configuration, and management of EDR solutions
  • Ability to obtain a security clearance
  • HS Diploma or GED

Nice If You Have:

  • 3+ years of experience working within a Security Operations Center (SOC) environment, including but not limited to incident response, vulnerability scanning, threat hunting, network monitoring/log management, and compliance management
  • Experience with triaging security events in a SOC environment and leveraging data collected from enterprise security solutions
  • Knowledge of enterprise security tools, including Security Information & Event Management (SIEM), Threat Intelligence Platforms (TIPs), Network Monitoring Tools
  • Knowledge of executing incident response activities and seeing incidents through to successful remediation
  • Knowledge of tactics, techniques, and procedures for detecting host and network-based intrusions
  • Knowledge of malware analysis concepts and incident handling methodologies
  • Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems
  • Ability to integrate cybersecurity data using enterprise or custom data aggregation and analysis tools, including Splunk
  • Ability to provide support in a Tier II IT operations and maintenance role, including ticket work information updates, issue responses, and remediation
  • Ability to travel up to 50% of the time within CONUS
  • BA or BS degree
  • EDR vendor certifications

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.