Required: Microsoft Defender for Endpoint (MDE) Expertise: Proven engineering experience with MDE architecture, deployment strategies via MECM/SCCM or Intune, policy ring management, and advanced hunting using Kusto Query Language (KQL). Trellix HX Expertise: Demonstrated experience engineering, deploying, and managing Trellix HX (formerly FireEye) controllers and agents within air-gapped or highly restricted networks, including the creation of OpenIOC and YARA rules. Operating System & Forensic Knowledge: In-depth technical understanding of Windows, Linux, and macOS internals, including file systems, registry structures, and process execution mechanics. Professional Standards: Compliance with DoD 8570/8140 IAM Level II or III baseline certifications.
Desired: Vendor Certifications: Microsoft Certified: Security Operations Analyst Associate (SC-200), Azure Security Engineer Associate (AZ-500), or Trellix Certified Engineering credentials. Methodologies & Toolsets: Experience with Model-Based Systems Engineering (MBSE), Cameo, and workflow management within the Atlassian Suite (Jira, Confluence). Technical Frameworks: Familiarity with NSA Technical Manual Standards (e.g., NSA DS-89) and defense-in-depth engineering principles. Core Competencies: Strong record of team collaboration, exceptional transparency in managing high-consequence infrastructure, and an aptitude for developing technical leadership pipelines.