*E01 Security Engineer V jobs in United States

EXPANSIA · 2 days ago

*E01 Security Engineer V

EXPANSIA is a service-disabled veteran-owned company that empowers organizations to be mission ready now with data, people, and ecosystems. As a Security Engineer V, you will be responsible for designing, implementing, and managing Microsoft Defender solutions to protect the organization from cyber threats, while also overseeing automation strategies for seamless management of security capabilities.

Business Development, Business Information Systems, Information Technology
Work & Life Balance
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Oversee Endpoint Detection and Response (EDR) by guiding mid-level engineers in deploying and fine-tuning EDR solutions for real-time threat monitoring and response, while reviewing and approving the automated response playbooks they create
Lead Next-Generation Antivirus (NGAV) implementation by supervising the setup and configuration of behavioral-based protection and ensuring NGAV algorithms are optimized for peak performance under the team’s management
Direct Threat & Vulnerability Management by overseeing continuous vulnerability assessments and providing remediation recommendations, while developing and executing strategies to mitigate endpoint vulnerabilities in collaboration with the broader vulnerability management team to ensure alignment with organizational goals
Manage Attack Surface Reduction by leading the implementation and maintenance of endpoint rules and controls, while regularly reviewing and updating the team’s strategies to stay ahead of emerging threats
Supervise Cloud-Delivered Protection by ensuring the team integrates real-time Microsoft threat intelligence and updates, while monitoring and adjusting the cloud-delivered protection features they configure
Integrate with SIEM solutions by guiding the team in connecting Microsoft Defender with Microsoft Sentinel and other SIEM tools, while reviewing and approving the centralized logging, analytics, and reporting dashboards they create
Ensure cross-platform protection by guaranteeing comprehensive security across Windows, Linux, and mobile devices, while managing and monitoring security solutions on diverse platforms to confirm the team’s configurations are effective
Deliver comprehensive reporting and analytics by overseeing the creation of detailed security posture, incident, and compliance reports, while approving customizable dashboards and alerts developed by the team to keep the security operations center informed
Deploy Windows Defender Application Control (WDAC) by leading the design, implementation, and management of WDAC policies, ensuring the team’s configurations align with organizational security and compliance requirements, and monitoring and updating policies to adapt to evolving threats and business needs
Integrate Microsoft Defender, Intune, and Purview for Data Loss Prevention (DLP) by overseeing the implementation and management of DLP policies, ensuring sensitive data is monitored, classified, and protected
Enforce policies across Microsoft 365 and cloud services, monitoring and reporting incidents, and creating unified dashboards and alerts to provide a comprehensive, layered DLP strategy across endpoints, mobile devices, and cloud environments
Apply the System Engineering Lifecycle by guiding the team in designing, implementing, and maintaining Microsoft Defender solutions, while ensuring all security measures align with organizational goals and compliance requirements
Coordinate security rules and internal access authorization with IT Operations leadership and management
Configure and maintain user access controls, ensuring compliance with access policies
Evaluate and recommend security updates, software, and hardware enhancements
Conduct periodic risk management audits to ensure security measures are effective and up to date
Ensure 100% of planned hours are worked and recorded
Identify and escalate opportunities for growth within the work area to leadership
Participate in growth initiatives as requested
Ensure all contractual deliverables are met or exceeded to customer satisfaction
Complete personal PDP and attend Staff Meeting and Storytime (with camera on)
Build productive and positive professional relationships with clients within the program
Execute all contract requirements in accordance with contract-specific LCAT and requirements
Perform other related duties as assigned

Qualification

Microsoft Defender for Endpoint, SIEM solutions, Endpoint security, CompTIA Security+, Linux operating systems, Automation tools, Analytical skills, Understanding compliance standards, ServiceNow workflows, Microsoft Active Directory, PowerShell scripting, Leadership skills, Communication skills, Collaboration skills

Required

Active Secret Clearance
Bachelor's degree in Computer Science, or Information Security with 15 years of relevant experience; At least 3 years in a leadership or senior engineering position
High School Diploma with 20+ years of relevant experience or Master's degree and 12 years of relevant experience
Required DoD 8140 compliant certification such as CompTIA Security+
Recognized authority in cybersecurity with expertise in designing and implementing highly innovative security solutions
Proven ability to develop technical solutions to complex security challenges and determine strategic courses of action
Extensive experience with Microsoft Defender for Endpoint, Cloud, and Servers
Strong experience with endpoint security, threat hunting, and incident response
Strong experience with SIEM solutions, especially Microsoft Sentinel
Experience automating workflows with automation tools
Experience administering and working with Linux operating systems, specifically Red Hat Enterprise Linux
Excellent leadership and team management skills, with the ability to mentor and guide a team to achieve security objectives
Strong analytical and problem-solving skills to address complex security tooling challenges
Excellent communication and collaboration skills to interact effectively with stakeholders at all levels
Understanding of industry compliance standards (e.g., NIST) and relevant regulations (e.g., GDPR, HIPAA) is advantageous
Willingness to stay updated with the latest cybersecurity trends and emerging security tools

Preferred

Other relevant cybersecurity certifications like Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), are a plus
ServiceNow integrated workflows/automation
Microsoft Active Directory/Entra
Microsoft Federation Services
Microsoft PowerBI Dashboarding
Advanced PowerShell scripting or prior software development experience
DoD PKI

Benefits

Health and wellness programs
Income protection
Paid leave
Retirement and savings

Company

EXPANSIA

EXPANSIA is a leader in business strategy design, development and execution, and technology integration for defense organizations.

Funding

Current Stage
Growth Stage

Leadership Team

Richard Nelson
Partner and Chief Financial Officer
Steve Vorisek
Chief Operating Officer
Company data provided by crunchbase