Cyber Security Engineer

Arthur Grand Technologies Inc Remote

Company

Arthur Grand Technologies Inc

Location

Remote

Type

Full Time

Job Description

Company Description

Arthur Grand Technologies (www.arthurgrand.com) is in the business of providing staffing and technology consulting services. We have doubled our revenue year over year for the past 5 years. This speaks to the long-lasting relationship and customer satisfaction that we have built in this short span of time. Our company is managed by a team of professionals who worked for big 5 consulting firms for 20+ years. 

We are a minority-owned staff augmentation and technology consulting company.

To keep our valued employees, we need to keep them engaged in challenging, interesting work, offer market-relevant benefits and provide continued opportunities for professional growth.

Job Description

Role: Cyber Security Engineer

Location: Everett - WA (Remote till Covid)

Duration: FTE

Look for jr. with 6+ Years Exp.

Cyber Security Engineer – Endpoint Security and Threat Intel: (6+ years)

  • EDR, CompTIA Security+, Carbon Black PSC, Proofpoint, Threat Hunting, Splunk, Endpoint Security

General Summary:

The security engineer is tasked with conducting the technical aspects of response operations for critical events escalated by the SOC. This includes immediate containment, investigation and management of remediation actions, as well as enhancing defenses with the new knowledge acquired throughout the response process.

Roles and Responsibilities:

• Expert-level knowledge of VMware Carbon Black Cloud EDR and practical experience using Live Response capabilities; good exposure to threat hunting.

• Strong technical skills in VMware Carbon Black Cloud sensor rollouts and upgrades.

• Strong technical skills in analysis and information gathering related to potential malicious code artifacts in a safe, secure manner.

• Demonstrated ability to analyse ongoing situations for the potential of a malware-related security incident.

• Build BAU operations using VMware Carbon Black Cloud and create incident response process for the detections.

• Maintain and improve VMware Carbon Black Cloud policies and Endpoint Protection detections.

• Maintain security posture with strong configurations and watchlist reports, and assist the SOC monitoring team in understanding them.

• Plan and lead process improvement initiatives tailored to improve overall VMware Carbon Black Cloud detections.

• Analysing potentially malicious programs and software using a variety of tools to identify indicators of compromise (IOCs) that can be used in protective security systems.

• Responsible for monitoring sources that identify zero-day threats and working to protect against them.

• Responsible for threat hunting using a variety of available sources and tools.

• Carry out in-depth investigation on security events, raise incidents and support the incident management process with 24*7 support.

• Provide remote incident response activities and advice to support customers during and immediately after security incidents.

• Independently follow procedures to identify, contain, analyse, document and eradicate malicious activity.

• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.

• Escalate information regarding intrusion events, security incidents, and other threat indicators and warning information to the client.

• Track trends and configure systems as required to reduce false positives from true events.

• Experience/expertise in all modules of Proofpoint Email Security (PPS, TAP, TRAP, Isolation, EFD).

• Experience in analysing phishing/spam/imposter/malware emails.

• Regular clean-up activities, ensuring that legacy configurations are updated as deemed necessary.

• Creating custom blocklists in Proofpoint TAP for the associated malware or imposter.

• Integrating, upgrading and automating operations in Proofpoint TRAP.

• Work with O365 team during configuration changes in Proofpoint for the security module.

Additional Information

Knowledge, Skills, and/or Abilities Required:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

• 6 - 8 years of experience in cyber security & threat intelligence, all-source threat intelligence analysis and malware analysis, and fully versed in the malware behavior lifecycle. 4+ years in an information security antivirus/anti-malware/EDR or malware analysis role.

• Excellent communication skills, both oral and written, with various audiences; mature, confident, assertive communication style.

• Strong knowledge of cyber security incident response processes and procedures.

• In-depth knowledge of the security threat landscape.

• Understanding of contemporary scripting languages such as Python, and familiarity with application programming interfaces (APIs) as a delivery method for indicators and intelligence.

• Flexible to work in a 24*7*365 Security Operations environment.

• Attention to detail, but with an ability to understand the big picture view and understand when projects or efforts have conflicting objectives.

• Knowledge of data communication concepts and technologies, specifically email, networking, and enterprise security.

• Knowledge of various security methodologies and processes and technical security solutions.

• Knowledge of investigation techniques to determine security incidents.

• Hands-on experience in event and log analysis on endpoints.

• Excellent organizational skills, ability to prioritize and manage multiple tasks.

Product experience:

EDR (Carbon Black highly preferred, CrowdStrike Falcon, SentinelOne, etc.)

Email Security (Proofpoint PPS, TAP, TRAP, Isolation, EFD, etc.)

SIEM (Splunk Enterprise, IBM QRadar, etc.)

Certifications:

Required: CompTIA Security+

Preferred: ISC2, Microsoft, EC-Council, etc.


Date Posted

12/09/2023
