Security Tools Engineer Security Clearance

Remote / Online - Candidates ideally in
Washington, District of Columbia, 20001, USA
Listing for: PKH Enterprises
Full Time, Remote/Work from Home position
Listed on 2026-03-10
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below
Position: Security Tools Engineer with Security Clearance
Security Tools Engineers – Senior and Junior roles available

Location: National Capital Region (remote work, but must live in the Washington, DC area for occasional meetings)
Job Type: Full-Time

About the Role:

We are seeking highly skilled Security Tools Engineers to join our dynamic security operations team. The ideal candidate will have deep expertise in Azure security, endpoint detection, vulnerability management, and security architecture, with hands-on experience integrating advanced security tools and automating processes. You will be responsible for securing and architecting cloud infrastructure, managing endpoint detection systems, implementing security policies, and leading new software evaluations across a complex enterprise environment.

Key Responsibilities:

1. Azure Security & Cloud Engineering:
o Design, implement, and enforce security policies for Azure subscriptions, including Defender for Cloud, identity baselines, RBAC, and logging.
o Enforce configuration standards across Azure resources at scale using Azure Policy, Blueprints, and landing zones.
o Integrate Azure Activity Logs and Defender alerts into SIEM solutions such as Splunk, ensuring comprehensive monitoring and incident response.
o Secure Azure VMs (Linux and Windows) from baseline to monitoring.
2. Endpoint Detection & Response (EDR) Management:
o Lead the deployment, monitoring, and troubleshooting of EDR solutions (CrowdStrike, SentinelOne) across the enterprise.
o Evaluate and compare CrowdStrike and SentinelOne, and recommend the best solution based on specific use cases.
o Ensure proper EDR agent deployment, validate reporting, and correlate asset data using tools like Axonius, Splunk, and Tenable.
o Troubleshoot and resolve issues where EDR agents fail to report or check in.
3. Carbon Black App Control (Bit9) Management:
o Implement and manage high-enforcement whitelisting policies using Carbon Black App Control.
o Safely onboard new applications and handle block events, determining whether to allow or deny them.
o Manage developer code signing and App Control approvals in a high-enforcement environment.
4. Splunk Configuration and Engineering:
o Configure and troubleshoot Splunk Heavy Forwarders (HF) and Deployment Servers (DS) for efficient data ingestion.
o Manage large-scale Splunk app deployments and validate log source parsing before sending data to production.
o Design and implement custom inputs and ensure optimal performance in data collection and forwarding.
5. Vulnerability Management (Tenable.io):
o Implement and manage Tenable.io vulnerability scanning solutions across a large-scale cloud environment.
o Build and assign scan templates, prioritize vulnerabilities based on risk factors (CVSS, VPR, asset criticality), and ensure remediation.
o Address issues with credential errors in vulnerability scans and improve overall vulnerability management processes.
6. New Software Evaluation & Architecture Support:
o Lead the security review process for new applications and tools, ensuring they meet security gates for permissions, data flow, logging, and compatibility with existing security tools.
o Evaluate vendor tools that require local admin privileges or service account access and ensure proper security assessments are conducted.
7. Linux Support & Hardening:
o Apply Linux hardening controls (e.g., STIG/CIS) to new VMs and automate compliance checks using tools such as Ansible, Lynis, and OpenSCAP.
o Troubleshoot and resolve performance issues on Linux systems, using appropriate diagnostic tools.
8. Scripting & Automation:
o Automate security tasks using PowerShell and Python to streamline processes, such as parsing logs, interacting with APIs (Tenable, CrowdStrike), and managing system configurations.
o Develop scripts to automate security tasks, such as vulnerability scanning, log parsing, and compliance checking.
9. Cross-Team Communication & Collaboration:
o Work closely with other teams to push back on security risks and advocate for necessary security controls in project timelines.
o Document engineering processes and security architectures for repeatability and auditability.
10. Continuous Improvement:
o Lead efforts to…