
Endpoint Detection and Response Engineer, Lead

Booz Allen

Jul 09


The Challenge:
Cyber threats are evolving, and federal government agencies need assistance developing the processes, procedures, and technical solutions to mitigate and respond to persistent adversaries. Booz Allen is looking for a Subject Matter Expert (SME) with expertise in endpoint security, incident response, threat mitigation, and emerging technology to help federal agencies evolve their existing people, processes, and technologies to defend against these threats. With your technical expertise, you'll build creative solutions to help your customers meet their toughest challenges. This is a chance to think differently about cyber defense, use innovative tools and approaches, and develop the next generation of security analytics.

You'll use your expertise to assist a federal client with the development of an enterprise EDR capability supporting endpoint-focused threat detection and response, vulnerability identification, assessment of new threat exposures, evaluation of emerging security technologies, and threat hunting. This role will focus on assessing, developing, and implementing a proactive EDR capability for federal government clients. This position is open to remote delivery from any location in the U.S., including the District of Columbia.

You Have:

  • 5+ years of experience in a professional work environment
  • Experience with enterprise endpoint security solutions, including Elastic Endgame, CrowdStrike Falcon, Carbon Black, FireEye HX, or Tanium, gained through either deploying the solution or performing day-to-day analysis of its data
  • Experience with triaging security events in a security operations center (SOC) environment, leveraging data collected from enterprise security solutions
  • Experience with providing status reports on the team's activities, including metrics and KPIs
  • Knowledge of executing incident response activities and seeing incidents through to successful remediation
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles
  • Knowledge of malware analysis concepts and incident handling methodologies
  • Ability to obtain a security clearance
  • HS diploma or GED

Nice If You Have:

  • Experience with conducting proactive Advanced Persistent Threat (APT) and Focused Operator (FO) hunting, incident response support, and advanced analytic capabilities while providing adversary mitigation and executive-level recommendations
  • Experience with processes and procedures for analyzing workstation, server, and network incidents using SIEM, behavioral analytics, and network analysis
  • Experience with monitoring and reporting changes in threat dispositions, activities, tactics, capabilities, and objectives as they relate to designated cyber operations warning problem sets
  • Knowledge of cyber-attack stages, including reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks
  • Knowledge of incident triage, including scope, urgency, potential impact, and making recommendations that enable expeditious remediation
  • Ability to profile and track APT/FO actors that pose a threat, in coordination with threat intelligence support teams, and to review and analyze log files from sources such as SIEM, packet captures, and host logs to report any unusual or suspect activity

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.