- Resolve agent-related (client-side) incidents and problems
- Monitor the anti-virus management console dashboard each business day for threat trends and overall environment status
- Establish threshold alerts to notify the appropriate stakeholders of unauthorized activity
- Perform weekly audits of the environment to detect non-compliant systems
- Generate incidents for non-compliant systems that cannot be resolved from the console and escalate them to the appropriate group for remediation
- Validate customer security software is installed on active managed workstations
- Submit newly discovered malicious samples to Trend Micro support for analysis
- Define and maintain security policies, intrusion prevention policies, and update policies and settings for managed workstations
- Configure update servers within the customer environment as needed to reduce network traffic caused by definition updates
- Review SQL logs and client communication logs
- Perform routine maintenance of the anti-virus application's SQL Server database to prevent SQL Server performance issues
- Monitor definition updates, client software operation, and IPS and firewall events, and track risk events identified via Control Manager for both PC and server endpoints
- Resolve service requests and incidents for excluding workstations from DLP policies and for adding or removing authorized DLP devices (e.g., encrypted external hard drives, encrypted flash drives)
- Monitor virus threats and communicate them via triggered alerts as well as daily and weekly reports
- Identify and track non-compliant Authorized End User workstations, take corrective action, or if necessary escalate to the appropriate support team to assist with remediation
- Ensure software and packages are deployed via SCCM or the Control Manager console
- Perform log management and security fine tuning.
- Collaborate with client technical teams on issue resolution and mitigation; participate in and help remediate security incidents
- Manage and maintain the SLAs agreed with our customers
- Participate in an on-call rotation to provide emergency support.
Supervisory Responsibilities: None
Knowledge and Skill Required:
- 3-4 years of experience maintaining Internet/DMZ infrastructure; understanding of endpoint security technology (McAfee, Trend Micro); deployment and support of security logging
- 3-4 years of Information Technology experience with network technologies, specifically TCP/IP, and related network tools and concepts is desired
- Knowledge of a scripting language and the ability to automate tasks as necessary
- Demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management
- Experience reviewing raw log files, correlating data, and performing analysis (e.g., firewall, network flow, IDS, and system logs)
- Experience with an enterprise-class ticketing system.
- Hands on experience with any industry standard SIEM is desired
- Recent Trend Micro experience is desired
- SANS GIAC GCIA certification is desired
- An Associate's Degree, preferably a technical field such as IT or IT Security, or progressing towards completing a Bachelor's Degree in an IT related field is desired.
- A willingness to put the team ahead of the individual for the benefit of the customer, and an understanding of what good communication requires: gracious, grounded, proactive, helpful, precise, etc.
- The ability to work independently and succeed on solo projects
- Certifications, or the ability to quickly obtain them, such as Network+, Security+, CCNA, CISSP, CCNP, OSCP
- Willingness to assist other engineers, both NOC and SOC, as necessary
- The ability to quickly develop competency in all security apps/consoles in use
- The ability to quickly obtain subject matter expertise and primary responsibility