3+ years of working experience with the Carbon Black Protection, McAfee Security Suite, IBM BigFix solutions
Administrative experience of Carbon Black Protection:
Analyzing and interpreting Carbon Black Protection events as well as acting diligently in resolving approval requests
Server/client installation and configuration
Integrating CBP with other security solutions, e.g. SIEM
Creating custom rules, file integrity control, file creation control, execution control, trusted path, event rules, script rules, registry rules, memory rules, performance optimization
Working understanding of reputation approvals, trusted updaters, trusted publishers, trusted users, trusted directories, approval requests and justification, login accounts and groups, computer details, policies, modes and enforcement levels, removable device control, local approval and timed policy override, file visibility and control, automatic local approval
Administrative experience of McAfee ePolicy Orchestrator 5.x
ePO Settings and Configurations Administration.
ePO Policies, Client and Server Tasks Administration.
ePO Superagent Distributed Repositories Administration.
ePO Agent and Agent Handlers Administration.
Rogue System Detection Management.
ePO User and Role-based Access Control Management.
Malware/threat and intrusion incident management, including "Virus Outbreak" handling.
Threat Intelligence Detections and ePO Problem Management.
Experience with McAfee products managed by ePolicy Orchestrator 5.x, preferably including the following:
Host Intrusion Prevention
VirusScan Enterprise and VirusScan Enterprise for Linux
Data Loss Prevention, Device Control
ENS, Enterprise Security
Threat Intelligence, Data Exchange Layer
Drive Encryption, File and Removable Media Encryption
Administrative experience of IBM BigFix:
Experience using BigFix and other tools for software distribution and reporting to include creating custom fixlets in BigFix and deploying OEM and custom fixlets and actions across the full enterprise and administering BigFix Web UI. This includes custom sites and user management.
Manage patching and software release distributions to servers and workstations using BigFix; create and test packages prior to release.
Deploy approved release packages and break-fix solutions in accordance with all enterprise architecture and configuration, change, and release management policies and procedures.
Develop and maintain small software tools and custom scripts, using PowerShell, Visual Basic, and Wise, to automate repetitive tasks and improve user access to self-service options.
Troubleshoot and resolve issues as required, and propose and implement changes aimed at continuous improvement.
Draft user communication and issue email notifications to key stakeholders and the user community regarding environment changes, patches, and outages, both planned and unplanned.
Strong analytical, problem-solving and interpersonal skills
Experience managing an enterprise-sized solution base of more than 15,000 endpoints
Experience making low-level risk assessments of requested changes, i.e. making sound decisions before modifying system parameters
Must have, or be able to quickly attain, an understanding of the functionality and technology of existing systems as well as an understanding of business critical applications and their major issues.
Must have a general view of the current state of information security threats and vulnerabilities across the globe as well as within a large multi-national corporation.
Suggest and work with the larger security team members to develop and refine additional monitoring content and Use Cases.
Strong organization skills
Strong work ethic and self-motivated.
Basic forensic skills, including providing only the data relevant to what is being requested, when it is requested
Be part of an enterprise level/scope of work
Have experience in the analysis, design, installation, configuration, adherence and maintenance of log integration
Have experience consulting with application/platform owners
Ability to think outside the box
Willingness to be a team player
Ability to have fun while working
ADDITIONAL PREFERRED QUALIFICATIONS:
Experience with other enterprise caliber endpoint security solutions
Experience with security research, incident response, or vulnerability management and malware analysis a plus
Experience with scripting languages or automation and orchestration tools
Experience with security scanning and network packet capture tools
Experience with SPL, SQL, and other related search languages
Knowledge of networking protocols
BA or BS degree in CS, IT, or a related field