EDR Architect (699841)

Seeking EDR Architect to recommend security best practices, develop EDR architecture (including federation), hardening specifications, and support the State of Iowa Endpoint Detection and Response tools across the State of Iowa. These positions will augment state staff and will be responsible for the implementation, maintenance, and continual improvement of Iowa s EDR. The EDR Architect will manage all aspects to the EDR solutions including:

Work closely with SOC engineer and analyst on Incident Response ensuring containment strategies and risk reduction on endpoints (vulnerabilities).

Developing strategies to allow for a multi-tenant environment.

Understand and provide users and customers on the difference between anti-virus protections and malware prevention.

Work closely with the EDR team and users regarding feature updates to the EDR system.

Provide documentation on changes or add-ons to the system.

Develop pathway to allow EDR information into the central Security information and event management (SIEM) and intelligence feeds.

Provide training when needed on EDR system

Develop strong relationships with vendors and users to eliminate unknowns and ensure clarity to system capabilities.

Intermittently required to participate in incident handling processes such as incident discovery, analysis and verification, incident tracking, containment and recovery, incident response coordination, escalation, and notification.

Requirements:

Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), GIAC Security Essentials (GSEC), or other information security certification.

Demonstrated experience engineering and implementing an Enterprise Endpoint Detection and Response product.

Strong understanding of security technologies and strategies, including but not limited to firewalls, IDS, policy management, security processes/best-practice, logging/monitoring, antivirus, vulnerability assessment, patch management, and incident response.

Strong understanding of common and emerging attack vectors, penetration methods and countermeasures.

Must be an individual of high integrity and be a model of unwavering integrity to others.

Demonstrated ability to work effectively with customers to solve business challenges while balancing the need for confidentiality, integrity, and availability.

Demonstrated commitment to fostering a diverse working environment.

Demonstrated ability to work independently, as part of a team of peers, and to support and contribute to a multidisciplinary team environment.

Solid knowledge of conflict resolution and incident escalation.

Demonstrated ability to solve complex problems, convey both oral and written instruction, and handle multiple task interruptions while providing services in a professional and courteous manner.

Proven ability to work with diverse audiences and translate technical information into non-technical information.

Demonstrated ability to resolve issues in a variety of complex situations which require complex judgments and solutions based on sophisticated analytical thought.

Requirements

Skill
Required / Desired
Amount
of Experience
Candidate

Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), GIAC Security Essentials (GSEC), or other

Required
7
Years

Demonstrated experience engineering and implementing an Enterprise Endpoint Detection and Response product.

Required
7
Years

Strong understanding of security technologies and strategies, including but not limited to: firewall, IDS, policy management, security processes/best

Required
7
Years

*Strong understanding of common and emerging attack vectors, penetration methods and countermeasures.

Required
7
Years

*Demonstrated ability to work independently, as part of a team of peers, and also to support and contribute to a multidisciplinary team environment.

Required
7
Years

*Solid knowledge of conflict resolution and incident escalation.

Required
7
Years

*Demonstrated ability to solve complex problems, convey both oral and written instruction, and handle multiple task interruptions while providing serv

Required
7
Years

*Proven ability to work with diverse audiences and translate technical information into non-technical information.

Required
7
Years

*Demonstrated ability to resolve issues in a variety of complex situations which require complex judgments and solutions based on sophisticated analyt

Required
7
Years

Skill Required / Desired Amount of Experience Candidate Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), GIAC Security Essentials (GSEC), or other Required 7 Years Demonstrated experience engineering and implementing an Enterprise Endpoint Detection and Response product. Required 7 Years Strong understanding of security technologies and strategies, including but not limited to: firewall, IDS, policy management, security processes/best Required 7 Years *Strong understanding of common and emerging attack vectors, penetration methods and countermeasures. Required 7 Years *Demonstrated ability to work independently, as part of a team of peers, and also to support and contribute to a multidisciplinary team environment. Required 7 Years *Solid knowledge of conflict resolution and incident escalation. Required 7 Years *Demonstrated ability to solve complex problems, convey both oral and written instruction, and handle multiple task interruptions while providing serv Required 7 Years *Proven ability to work with diverse audiences and translate technical information into non-technical information. Required 7 Years *Demonstrated ability to resolve issues in a variety of complex situations which require complex judgments and solutions based on sophisticated analyt Required 7 Years