Senior Microsoft Defender Engineer

Job Title: Senior Microsoft Defender Engineer

Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: Secret

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Continental US

* * *

The Opportunity:

CACI is seeking a highly skilled and experienced Senior Microsoft Defender Engineer to join our Endpoint Device Management team. The ideal candidate will have deep expertise in Microsoft Defender for Endpoint, Cloud, Identity, and Servers, with a strong understanding of the System Engineering Lifecycle. This role will be responsible for designing, implementing, and managing our Microsoft Defender solutions with the overarching automation platform to protect our organization from cyber threats.  In addition, the candidate will be responsible for implementing automation strategies to allow for seamless management of applicable MDE capabilities into broader workflows via ServiceNow and other automation tools.

Responsibilities:

Overseeing Endpoint Detection and Response (EDR):

• Guide mid-level engineers in deploying and fine-tuning EDR solutions to monitor and respond to threats in real-time.
• Review and approve automated response playbooks created by your team.

Leading Next-Generation Antivirus (NGAV) Implementation:

• Supervise the setup and configuration of NGAV to provide behavioral-based protection.
• Ensure NGAV algorithms are optimized for peak performance under your team’s management.

Directing Threat & Vulnerability Management:

• Oversee continuous vulnerability assessments conducted by your team and provide remediation recommendations.
• Develop and execute strategies to mitigate endpoint vulnerabilities in collaboration with the larger vulnerability management team, ensuring your team’s plans align with organizational goals.

Managing Attack Surface Reduction:

• Lead the implementation and maintenance of rules and controls to minimize the attack surface of endpoints.
• Regularly review and update your team’s strategies to stay ahead of emerging threats.

Supervising Cloud-Delivered Protection:

• Ensure your team integrates real-time updates and threat intelligence from the Microsoft cloud.
• Monitor and adjust cloud-delivered protection features configured by your team.

Integrating with SIEM Solutions:

• Guide your team in seamlessly connecting Microsoft Defender with Microsoft Sentinel and other SIEM tools.
• Review and approve centralized logging, analytics, and reporting dashboards created by your team.

Ensuring Cross-Platform Protection:

• Guarantee comprehensive security across Windows, Linux, and mobile devices under your team’s management.
• Manage and monitor security solutions on diverse platforms, ensuring your team’s configurations are effective.

Delivering Comprehensive Reporting and Analytics:

• Oversee the creation of detailed reports on security posture, incidents, and compliance by your team.
• Approve customizable dashboards and alerts developed by your team to keep the security operations center informed.

Deploying Windows Defender Application Control (WDAC):

• Lead the design, implementation, and management of WDAC policies to control which applications can run on endpoints.
• Ensure your team’s WDAC configurations align with organizational security policies and compliance requirements.
• Monitor and update WDAC policies to adapt to changing threat landscapes and business needs, providing guidance and oversight to your team.

Integrating Microsoft Defender, Intune, and Purview for Data Loss Prevention (DLP):

• Oversee the implementation and management of DLP policies using Microsoft Defender for Endpoint.
• Ensure sensitive data on endpoints is monitored, classified, and protected against unauthorized access or exfiltration.
• Lead the configuration and enforcement of device compliance and app protection policies using Microsoft Intune.
• Guide the discovery, classification, and protection of sensitive data across the organization using Microsoft Purview.
• Create and enforce DLP policies in Microsoft 365 and other cloud services to ensure data compliance and security.
• Monitor and report on DLP incidents, providing detailed alerts and insights to the security team.
• Integrate Microsoft Defender, Intune, and Purview to create a robust, layered DLP strategy.
• Ensure a comprehensive view of DLP incidents across endpoints, mobile devices, and cloud services.
• Set up unified reporting and alerts for any policy violations or data exfiltration attempts.

Applying the System Engineering Lifecycle:

• Use your expertise in the System Engineering Lifecycle to guide your team in designing, implementing, and maintaining cutting-edge Microsoft Defender solutions.
• Ensure all security solutions align with organizational goals and compliance requirements.

Qualifications:

Required: 

• Active Secret clearance.
• 12+ Years of relevant experience (Bachelor’s Degree in applicable field may be substituted for 5 years of experience).
• Required DoD 8140 compliant certification such as CompTIA Security+
• Extensive experience with Microsoft Defender for Endpoint, Cloud, and Servers.
• Strong experience with endpoint security, threat hunting, and incident response.
• Strong experience with SIEM solutions, especially Microsoft Sentinel.
• Experience automating workflows with automation tools
• Experience administering and working with Linux operating systems, specifically Red Hat Enterprise Linux
• Excellent leadership and team management skills, with the ability to mentor and guide a team to achieve security objectives.
• Strong analytical and problem-solving skills to address complex security tooling challenges.
• Excellent communication and collaboration skills to interact effectively with stakeholders at all levels.
• Understanding of industry compliance standards (e.g., NIST) and relevant regulations (e.g., GDPR, HIPAA) is advantageous.
• Willingness to stay updated with the latest cybersecurity trends and emerging security tools.

Desired: 

• Other relevant cybersecurity certifications like Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), are a plus.
• ServiceNow integrated workflows/automation
• Microsoft Active Directory/Entra
• Microsoft Federation Services
• Microsoft PowerBI Dashboarding
• Advanced PowerShell scripting or prior software development experience
• DoD PKI

-

What You Can Expect:

 A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

The proposed salary range for this position is:

$103,800 - $218,100