• Implement EDR solutions according to vendor best practices
• Assist SOC analysts in performing analysis, correlation of actionable security events and alerts, network traffic analysis using raw packet data, net flow, etc. provided by EDR solution
• Evaluate, analyze and reproduce security vulnerabilities reported by EDR vendors
• Partner and collaborate with customers and fellow engineers to design, implement, and monitor EDR solutions used both internally and in customer sites.
• Participate in the Security Incident Response Team (SIRT) activities. This means helping SIRT to detect, respond, contain, eradicate and recover from security incidents in a timely manner, within the EDR products
• Assist in documenting Standard Operating Procedures SOC playbooks, configuration guides, and secure standards
• Administration and operational support of all internal and client EDR solutions
• Provide technical support and troubleshooting when needed regarding existing or new EDR solutions
• Provide support to remediate vulnerabilities such as patching, implementing controls to mitigate risk, and ensuring secure configuration of systems pertaining to EDR
• Perform research and remain aware of new and emerging threats to ensure newly discovered vulnerabilities are addressed within specified EDR solutions

• 3+ years of experience with deployment, configuration, or maintenance of supporting enterprise EDR solutions, including CrowdStrike Falcon, SentinelOne, Cortex XDR, or Carbon Black EDR as either deployment or day-to-day operations, and maintenance of the solution. Strong preference will be given to candidates with experience in more than one of the listed platforms.

• 
  3+ years of experience with performing systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users

• 
  2+ years of experience in working with a Security Operations Center (SOC) environment, leveraging EDR tools to support incident response, vulnerability scanning, threat hunting, network monitoring and log management, and compliance management activities highly desired

• 
  2+ years of experience in working with SYSMON as an alternative to an Enterprise EDR solution highly desired

• 
  2+ years of experience with deployment of an EDR solution in a customer and/or enterprise environment

• 
  Experience with optimization of EDR solutions, including refinement data produced, development of automated workflows or playbooks, and integration of the EDR data with Enterprise solutions, including SIEM, ITSM, and TIP solutions

• 
  Ability to provide content on deliverables, including written reports and technical documents, SOPs and configuration guides, and training and briefing materials

• 
  Bachelor’s degree or similar industry experience in cyber security, information technology, computer science, or similar field

• 
  Solid understanding of information technology and information security including; firewalls/UTM’s, IDS/IPS, VPN’s, penetration testing, SIEM, and other security systems with an emphasis on threat hunting and log analysis

• 
  Excellent written and verbal communication skills; collaborative team player

• 
  Exceptional analytical and problem-solving skills; someone who ‘sees’ the box differently

• 
  Experience developing and managing remediation plans/corrective actions

• 
  Understanding of IT infrastructure, information security, and compliance controls

• 
  Comfortable with multiple, current operating environments

• 
  Familiarity with modern exploit techniques, mitigation strategies and counter-attack methodologies

• 
  This position has the potential to be shift-based in a 24x7 operation

• 5+ years of focused CrowdStrike Falcon or SentinelOne experience
• Experience with triaging security events in a SOC environment and leveraging data collected from enterprise security solutions
• Experience with providing support in a Tier I or II IT operations and maintenance role, including ticket work information updates, issue responses, and remediation
• Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems
• Ability to integrate cybersecurity data using enterprise or custom tools data aggregation and analysis tools, including Sumo Logic, Splunk, QRadar, Microsoft Sentinel, etc.
• Bachelor’s degree in Information Systems, Cybersecurity, or similar
• CISSP, CISM, CISA, GIAC or other recognized security certification is preferred

• Start-up company in a growth phase with opportunity for advancement based on performance
• Start-up culture with an office in downtown Salt Lake City, UT
• Competitive medical and dental benefits for employee and family members
• Other company-provided benefits such as short-term disability, basic life insurance, children’s orthodontia, with additional voluntary benefits available, and 401(k) match
• Flexible Paid Time Off policy
• Professional Development opportunities specific to role

E04JI8008a6v401bps2