CrowdStrike / CyberSecurity Engineer
About the position
BAE is seeking an experienced CrowdStrike / CyberSecurity Engineer to join the General Integrations (GI) program supporting the Executive Office of United States Attorneys (EOUSA). The CrowdStrike / CyberSecurity Engineer will provide subject matter expertise in the areas of CrowdStrike security engineering & architecture, policy design, Tier 3 troubleshooting support, and enterprise-wide deployment and application operations & maintenance.
Position requirements are as follows:
Architecting, configuring, operating, and maintaining EOUSA’s EDR/NGAV platforms in areas such as protection suite, which covers approximately 3,000 Windows/Linux Servers and Cloud Workloads, and approximately 18,000 Internal Workstations, including up to 3,000 Virtual Desktop (VDI) workstations.
Maintenance and configuration tasks for the EDR/NGAV platform may include but shall not be limited to:
Assisting with troubleshooting automated deployment installation issues;
Administering and maintaining the cloud platform, including user roles, policies, dynamic groupings, and other configuration items;
Creating, updating, enabling and disabling policies as required, including: EDR sensor update policies, content update policies, next‑generation antivirus (NGAV) prevention policies, Identity Protection policies, USB device policies, endpoint response policies, firewall policies, Falcon icon policies, and host retention policies;
Configuring and deploying any additional EDR/NGAV feature modules purchased by EOUSA;
Creating dashboards and reports, as directed;
Troubleshooting data integrity issues in the platform.
Architecting/designing host group structures that enable the most efficient application of the above policies.
Adhere to federal government and industry best practices when making configuration and architecture recommendations.
Firewall protection enabled & enforced on all endpoints/workstations and servers, to secure them against unauthorized ingress and egress traffic.
Endpoint antivirus and anti-malware protection enabled & enforced for desktops, laptops, tablets, and VDIs, including Windows and macOS operating systems.
Server antivirus and anti-malware protection enabled & enforced for physical, virtual, and cloud-hosted servers, including Windows and Linux operating systems.
Detect and block attacks, intrusions, and exploits in the USA environment, including, but not limited to: viruses, trojans, keyloggers, adware/spyware, password crackers, and potentially unwanted programs (PUPs).
Support the EOUSA Security Operations Center (SOC) in safely investigating & evaluating suspected malware that is identified by the CrowdStrike application. Assist in Incident Response handling and EDR actions as required by providing CrowdStrike telemetry data and analysis.
Provide advice to the EOUSA SOC on emerging threats identified by the CrowdStrike platform.
Support ongoing integration between EDR/NGAV platforms and EOUSA SOC’s SIEM platform.
Coordinate software updates with EEUT staff and other impacted stakeholders as required. Ensure tight integration with existing enterprise operating system baselines.
Conduct testing and analysis as required, in support of ongoing integration requirements with enterprise IT operations.
Provide Tier 3 support to OCIO IT staffs and to local IT staffs at U.S. Attorneys District Office locations.
Maintain a library of current application configurations, in support of IT operations and SPA&A (Security, Privacy Assessment & Authorization) requirements.
Provide EDR program support to the CSS-ESS/USAProtect Program Manager, Project Manager, Chief Information Security Officer, and Chief Information Officer as required.
Provide reports and data feeds in support of USAProtect endpoint security dashboard views, including servers, workstations, virtual machines (on-prem/cloud), laptops, tablets, and mobile devices.
Regularly attend change control, weekly status, and project planning meetings. Submit change requests as needed. Resolve service request & incident report tickets and provide timely responses to customers.
Provide planning, design, and integration support for EDR/NGAV as required to assist in EOUSA’s Zero Trust Architecture implementation.
Provide application information and data feeds in support of DOJ’s Security Posture Dashboard Report (SPDR) as required.
Place of Performance - Candidate can reside in either Columbia, SC or Washington, DC
On Site Requirements - The candidate will be required to work on site for the first 2 to 3 weeks. After which, the candidate will be required to work at least (1) day on site per week; (2) days on site per pay period (2 weeks). The remote work schedule could change at any time based on the customer's discretion. All candidates must be willing / able to convert to a 100% onsite work schedule if/when directed.
Responsibilities
• Architecting, configuring, operating, and maintaining EOUSA’s EDR/NGAV platforms
• Assisting with troubleshooting automated deployment installation issues
• Administering and maintaining the cloud platform, including user roles, policies, dynamic groupings, and other configuration items
• Creating, updating, enabling and disabling policies as required
• Configuring and deploying any additional EDR/NGAV feature modules purchased by EOUSA
• Creating dashboards and reports, as directed
• Troubleshooting data integrity issues in the platform
• Architecting/designing host group structures that enable the most efficient application of the above policies
• Adhere to federal government and industry best practices when making configuration and architecture recommendations
• Firewall protection enabled & enforced on all endpoints/workstations and servers, to secure them against unauthorized ingress and egress traffic
• Endpoint antivirus and anti-malware protection enabled & enforced for desktops, laptops, tablets, and VDIs, including Windows and macOS operating systems
• Server antivirus and anti-malware protection enabled & enforced for physical, virtual, and cloud-hosted servers, including Windows and Linux operating systems
• Detect and block attacks, intrusions, and exploits in the USA environment
• Support the EOUSA Security Operations Center (SOC) in safely investigating & evaluating suspected malware that is identified by the CrowdStrike application
• Assist in Incident Response handling and EDR actions as required by providing CrowdStrike telemetry data and analysis
• Provide advice to the EOUSA SOC on emerging threats identified by the CrowdStrike platform
• Support ongoing integration between EDR/NGAV platforms and EOUSA SOC’s SIEM platform
• Coordinate software updates with EEUT staff and other impacted stakeholders as required
• Conduct testing and analysis as required, in support of ongoing integration requirements with enterprise IT operations
• Provide Tier 3 support to OCIO IT staffs and to local IT staffs at U.S. Attorneys District Office locations
• Maintain a library of current application configurations, in support of IT operations and SPA&A (Security, Privacy Assessment & Authorization) requirements
• Provide EDR program support to the CSS-ESS/USAProtect Program Manager, Project Manager, Chief Information Security Officer, and Chief Information Officer as required
• Provide reports and data feeds in support of USAProtect endpoint security dashboard views
• Regularly attend change control, weekly status, and project planning meetings
• Submit change requests as needed
• Resolve service request & incident report tickets and provide timely responses to customers
• Provide planning, design, and integration support for EDR/NGAV as required to assist in EOUSA’s Zero Trust Architecture implementation
• Provide application information and data feeds in support of DOJ’s Security Posture Dashboard Report (SPDR) as required
Requirements
• Bachelor’s in computer science, business, or other relevant discipline.
• The candidate shall have 2-5 years of experience in defining security, utilization, and performance requirements in mid-to-large sized enterprise environments within CrowdStrike, Microsoft Defender, etc.
• Extensive demonstrated experience in design, deployment, optimization, and advanced troubleshooting of EDR platforms such as CrowdStrike, Microsoft Defender, etc. within a large, distributed (10,000+ endpoints, 10+ sites) enterprise environment.
• The resource should have experience with creating and updating policies, protection rules, installing services/applications, removing duplicate records, and troubleshooting issues with the EDR sensor, cloud platform, and related applications.
• Examples of past experience include: resolving application performance related issues, configuring dynamic grouping, and experience interpreting Windows and Linux system logs.
• Familiarity with manual and automated (deployed) application installation procedures on Windows systems.
• Familiarity with manual and automated (deployed) application installation procedures on Linux systems.
• Familiarity with manual and automated (deployed) application installation procedures on macOS, iOS, and iPadOS systems.
• Proven ability to architect, implement, and manage complex firewall rules, access rules, indicators of attack (IOAs), indicators of compromise (IOCs), EDR/NGAV machine learning (ML) exclusions, security configuration policies, and USB device protection/control policies.
• Experience providing Tier 3 support to IT and security teams.
• Advanced experience in creating EDR/NGAV reports and dashboards for security analytics, event trending, compliance auditing, and executive-level presentations from platforms such as CrowdStrike, Microsoft Defender, etc.
• Demonstrated ability to mentor junior engineers, provide technical leadership, and review the work of less-experienced team members, fostering a collaborative working and learning environment.
• Expert ability to collaborate effectively with IT managers, security teams, and other stakeholders to validate configurations, lead discussions on policy enhancements, and provide advanced training.
• Strong technical writing skills for developing and maintaining comprehensive documentation, standard operating procedures (SOPs), basic end user guides, and advanced IT troubleshooting guides.
• Exceptional verbal and written communication skills, including the ability to provide detailed progress, exception, and incident reports for technical audiences, as well as summarized, easy-to-understand reports for non-technical and executive audiences.
• Must be able to obtain up to a Secret clearance
Nice-to-haves
• CrowdStrike Certified Falcon Administrator (CCFA) or platform equivalent
• CrowdStrike Certified SIEM Engineer (CCSE) or platform equivalent
• CrowdStrike Certified Cloud Specialist (CCCS) or platform equivalent
Benefits
• health, dental, and vision insurance
• health savings accounts
• a 401(k) savings plan
• disability coverage
• life and accident insurance
• employee assistance program
• a legal plan
• discounts on things like home, auto, and pet insurance
• paid time off
• paid holidays
• paid parental, military, bereavement, and any applicable federal and state sick leave
• company recognition program to receive monetary or non-monetary recognition awards
Apply Now
Apply Now
BAE is seeking an experienced CrowdStrike / CyberSecurity Engineer to join the General Integrations (GI) program supporting the Executive Office of United States Attorneys (EOUSA). The CrowdStrike / CyberSecurity Engineer will provide subject matter expertise in the areas of CrowdStrike security engineering & architecture, policy design, Tier 3 troubleshooting support, and enterprise-wide deployment and application operations & maintenance.
Position requirements are as follows:
Architecting, configuring, operating, and maintaining EOUSA’s EDR/NGAV platforms in areas such as protection suite, which covers approximately 3,000 Windows/Linux Servers and Cloud Workloads, and approximately 18,000 Internal Workstations, including up to 3,000 Virtual Desktop (VDI) workstations.
Maintenance and configuration tasks for the EDR/NGAV platform may include but shall not be limited to:
Assisting with troubleshooting automated deployment installation issues;
Administering and maintaining the cloud platform, including user roles, policies, dynamic groupings, and other configuration items;
Creating, updating, enabling and disabling policies as required, including: EDR sensor update policies, content update policies, next‑generation antivirus (NGAV) prevention policies, Identity Protection policies, USB device policies, endpoint response policies, firewall policies, Falcon icon policies, and host retention policies;
Configuring and deploying any additional EDR/NGAV feature modules purchased by EOUSA;
Creating dashboards and reports, as directed;
Troubleshooting data integrity issues in the platform.
Architecting/designing host group structures that enable the most efficient application of the above policies.
Adhere to federal government and industry best practices when making configuration and architecture recommendations.
Firewall protection enabled & enforced on all endpoints/workstations and servers, to secure them against unauthorized ingress and egress traffic.
Endpoint antivirus and anti-malware protection enabled & enforced for desktops, laptops, tablets, and VDIs, including Windows and macOS operating systems.
Server antivirus and anti-malware protection enabled & enforced for physical, virtual, and cloud-hosted servers, including Windows and Linux operating systems.
Detect and block attacks, intrusions, and exploits in the USA environment, including, but not limited to: viruses, trojans, keyloggers, adware/spyware, password crackers, and potentially unwanted programs (PUPs).
Support the EOUSA Security Operations Center (SOC) in safely investigating & evaluating suspected malware that is identified by the CrowdStrike application. Assist in Incident Response handling and EDR actions as required by providing CrowdStrike telemetry data and analysis.
Provide advice to the EOUSA SOC on emerging threats identified by the CrowdStrike platform.
Support ongoing integration between EDR/NGAV platforms and EOUSA SOC’s SIEM platform.
Coordinate software updates with EEUT staff and other impacted stakeholders as required. Ensure tight integration with existing enterprise operating system baselines.
Conduct testing and analysis as required, in support of ongoing integration requirements with enterprise IT operations.
Provide Tier 3 support to OCIO IT staffs and to local IT staffs at U.S. Attorneys District Office locations.
Maintain a library of current application configurations, in support of IT operations and SPA&A (Security, Privacy Assessment & Authorization) requirements.
Provide EDR program support to the CSS-ESS/USAProtect Program Manager, Project Manager, Chief Information Security Officer, and Chief Information Officer as required.
Provide reports and data feeds in support of USAProtect endpoint security dashboard views, including servers, workstations, virtual machines (on-prem/cloud), laptops, tablets, and mobile devices.
Regularly attend change control, weekly status, and project planning meetings. Submit change requests as needed. Resolve service request & incident report tickets and provide timely responses to customers.
Provide planning, design, and integration support for EDR/NGAV as required to assist in EOUSA’s Zero Trust Architecture implementation.
Provide application information and data feeds in support of DOJ’s Security Posture Dashboard Report (SPDR) as required.
Place of Performance - Candidate can reside in either Columbia, SC or Washington, DC
On Site Requirements - The candidate will be required to work on site for the first 2 to 3 weeks. After which, the candidate will be required to work at least (1) day on site per week; (2) days on site per pay period (2 weeks). The remote work schedule could change at any time based on the customer's discretion. All candidates must be willing / able to convert to a 100% onsite work schedule if/when directed.
Responsibilities
• Architecting, configuring, operating, and maintaining EOUSA’s EDR/NGAV platforms
• Assisting with troubleshooting automated deployment installation issues
• Administering and maintaining the cloud platform, including user roles, policies, dynamic groupings, and other configuration items
• Creating, updating, enabling and disabling policies as required
• Configuring and deploying any additional EDR/NGAV feature modules purchased by EOUSA
• Creating dashboards and reports, as directed
• Troubleshooting data integrity issues in the platform
• Architecting/designing host group structures that enable the most efficient application of the above policies
• Adhere to federal government and industry best practices when making configuration and architecture recommendations
• Firewall protection enabled & enforced on all endpoints/workstations and servers, to secure them against unauthorized ingress and egress traffic
• Endpoint antivirus and anti-malware protection enabled & enforced for desktops, laptops, tablets, and VDIs, including Windows and macOS operating systems
• Server antivirus and anti-malware protection enabled & enforced for physical, virtual, and cloud-hosted servers, including Windows and Linux operating systems
• Detect and block attacks, intrusions, and exploits in the USA environment
• Support the EOUSA Security Operations Center (SOC) in safely investigating & evaluating suspected malware that is identified by the CrowdStrike application
• Assist in Incident Response handling and EDR actions as required by providing CrowdStrike telemetry data and analysis
• Provide advice to the EOUSA SOC on emerging threats identified by the CrowdStrike platform
• Support ongoing integration between EDR/NGAV platforms and EOUSA SOC’s SIEM platform
• Coordinate software updates with EEUT staff and other impacted stakeholders as required
• Conduct testing and analysis as required, in support of ongoing integration requirements with enterprise IT operations
• Provide Tier 3 support to OCIO IT staffs and to local IT staffs at U.S. Attorneys District Office locations
• Maintain a library of current application configurations, in support of IT operations and SPA&A (Security, Privacy Assessment & Authorization) requirements
• Provide EDR program support to the CSS-ESS/USAProtect Program Manager, Project Manager, Chief Information Security Officer, and Chief Information Officer as required
• Provide reports and data feeds in support of USAProtect endpoint security dashboard views
• Regularly attend change control, weekly status, and project planning meetings
• Submit change requests as needed
• Resolve service request & incident report tickets and provide timely responses to customers
• Provide planning, design, and integration support for EDR/NGAV as required to assist in EOUSA’s Zero Trust Architecture implementation
• Provide application information and data feeds in support of DOJ’s Security Posture Dashboard Report (SPDR) as required
Requirements
• Bachelor’s in computer science, business, or other relevant discipline.
• The candidate shall have 2-5 years of experience in defining security, utilization, and performance requirements in mid-to-large sized enterprise environments within CrowdStrike, Microsoft Defender, etc.
• Extensive demonstrated experience in design, deployment, optimization, and advanced troubleshooting of EDR platforms such as CrowdStrike, Microsoft Defender, etc. within a large, distributed (10,000+ endpoints, 10+ sites) enterprise environment.
• The resource should have experience with creating and updating policies, protection rules, installing services/applications, removing duplicate records, and troubleshooting issues with the EDR sensor, cloud platform, and related applications.
• Examples of past experience include: resolving application performance related issues, configuring dynamic grouping, and experience interpreting Windows and Linux system logs.
• Familiarity with manual and automated (deployed) application installation procedures on Windows systems.
• Familiarity with manual and automated (deployed) application installation procedures on Linux systems.
• Familiarity with manual and automated (deployed) application installation procedures on macOS, iOS, and iPadOS systems.
• Proven ability to architect, implement, and manage complex firewall rules, access rules, indicators of attack (IOAs), indicators of compromise (IOCs), EDR/NGAV machine learning (ML) exclusions, security configuration policies, and USB device protection/control policies.
• Experience providing Tier 3 support to IT and security teams.
• Advanced experience in creating EDR/NGAV reports and dashboards for security analytics, event trending, compliance auditing, and executive-level presentations from platforms such as CrowdStrike, Microsoft Defender, etc.
• Demonstrated ability to mentor junior engineers, provide technical leadership, and review the work of less-experienced team members, fostering a collaborative working and learning environment.
• Expert ability to collaborate effectively with IT managers, security teams, and other stakeholders to validate configurations, lead discussions on policy enhancements, and provide advanced training.
• Strong technical writing skills for developing and maintaining comprehensive documentation, standard operating procedures (SOPs), basic end user guides, and advanced IT troubleshooting guides.
• Exceptional verbal and written communication skills, including the ability to provide detailed progress, exception, and incident reports for technical audiences, as well as summarized, easy-to-understand reports for non-technical and executive audiences.
• Must be able to obtain up to a Secret clearance
Nice-to-haves
• CrowdStrike Certified Falcon Administrator (CCFA) or platform equivalent
• CrowdStrike Certified SIEM Engineer (CCSE) or platform equivalent
• CrowdStrike Certified Cloud Specialist (CCCS) or platform equivalent
Benefits
• health, dental, and vision insurance
• health savings accounts
• a 401(k) savings plan
• disability coverage
• life and accident insurance
• employee assistance program
• a legal plan
• discounts on things like home, auto, and pet insurance
• paid time off
• paid holidays
• paid parental, military, bereavement, and any applicable federal and state sick leave
• company recognition program to receive monetary or non-monetary recognition awards
Apply Now
Apply Now