CyberSecurity Engineer

Title : Crowdstrike Engineer

Location : San Francisco, CA (Hybrid)

Type / Duration : Contract to hire

Experience : 8 Years

JOB DESCRIPTION :

CrowdStrike - The CrowdStrike candidate should have at least 3 years of experience supporting large enterprises, and customers to maximize the efficiency of the CrowdStrike platform.

This subject matter expert is expected to have and maintain all relevant Crowdstrike certifications.

The candidate is expected to provide dedicated assistance with the deployment, configuration, and integration of CrowdStrike Falcon Platform including, but not limited to :

Assist with and change the CrowdStrike platform to protect networks and endpoints better.

Optimizes the Falcon Platform according to CrowdStrike and industry best practices.

Enhance change management and incident response procedures to align with capabilities and workflows provided by CrowdStrike "Falcon Complete."

Advise IT Operations on how to best leverage the CrowdStrike platform to minimize cybersecurity risks associated with unresolved patching and remediation tasks and assist in implementing the same.

DELIVERABLES

Resident Engineer will be tasked with protecting resources on networks by implementing conditional multi-factor authentication rules so that stolen (or easily guessed) authentication credentials cannot, by themselves, be used to access RDP and other services running on Microsoft Windows and Microsoft Windows Server.

Implement host-based firewall rules to further limit accessibility of network-facing services on Microsoft Windows, Microsoft Windows Server, macOS, and Linux to only those individuals and networks with a valid business justification to access said services ("remote access")

The Resident Engineer must be able to explain how these enhancements might be implemented using a combination of CrowdStrike and Palo Alto Networks User-ID, Group-ID, GlobalProtect VPN, Azure VPN gateway, or some other remote access solution, as well as the strategic use of virtual routing and forwarding tables to ensure remote access cannot be achieved using stolen authentication credentials (e.g. Pass-the-Hash attacks).

Improve the quality and entropy of memorized authentication secrets used to authenticate network services where MFA cannot be implemented; establish a baseline of said authentication events, and devise controls to detect atypical authentication requests outside of said baseline.

Establish procedures to ensure authentication secrets used by services accounts which have been historically exempted from periodic password changes, are changed, baselined, and then subject to change every twenty-four months thereafter.

Leverage the Falcon Agent real-time-response capabilities to execute audit scripts that compare endpoint configuration against desired "hardening" settings.