Information Security Engineer II - End Point

First United Bank and Trust
United States, Texas, Plano
2805 Dallas Parkway
May 28, 2026
Join Our Team!

We have a great team of friendly, talented and inspiring people at First United. As a learning organization, we take pride in offering exciting opportunities for employees to grow and follow their passions. That's one of the many reasons First United has been voted as one of the top places to work in Oklahoma since 2009! Browse this page to find out more about the First United culture and the many benefits of working here. Then, use our "Get Started" section to take your first step to being a part of First United.

The Position

Job Title: Information Security Engineer II - End Point

Job Description

SUMMARY

The Information Security Engineer II is responsible for the day-to-day operations, maintenance, and continuous improvement of the organization's endpoint security program. This role centers on the administration of Extended Detection and Response (EDR) technologies, primarily CrowdStrike Falcon, encompassing agent lifecycle management, policy configuration, alert response, threat hunting, and platform reporting. The engineer will manage endpoint firewall policies within CrowdStrike and administer Data Loss Prevention (DLP) solutions including Digital Guardian and/or Microsoft Purview to protect sensitive organizational data. Additionally, this role supports the development and maintenance of secure endpoint baseline configurations aligned to CIS Level 1 Benchmarks. The engineer will provide backup support for vulnerability management functions and will have exposure to complementary security technologies including Palo Alto Next-Generation Firewalls, Forescout CounterAct (Network Access Control), and Mimecast email security. This position operates within a collaborative security team and contributes to the broader corporate security strategy, supporting compliance requirements such as FFIEC, PCI DSS, GDPR, and SOX.

MAJOR DUTIES AND RESPONSIBILITIES (ESSENTIAL FUNCTIONS)

  • Administer, configure, and maintain the CrowdStrike Falcon platform, including agent deployment, agent version management, policy configuration, group management, and sensor health/hygiene across Windows, macOS, and Linux endpoints.
  • Monitor and triage EDR alerts, investigate potential threats and indicators of compromise (IOCs), and drive containment, remediation, and root cause analysis activities.
  • Conduct proactive threat hunting using EDR telemetry, behavioral analytics, and threat intelligence feeds to identify adversarial activity that may evade automated detections.
  • Stay current with CrowdStrike product updates, new module releases, and emerging features; evaluate and implement relevant capabilities to strengthen the security posture.
  • Manage and maintain a robust endpoint firewall policy set within the CrowdStrike platform, including rule creation, tuning, exception handling, and ongoing policy reviews.
  • Implement, operate, and maintain Data Loss Prevention (DLP) solutions on the endpoint, including Digital Guardian and/or Microsoft Purview, ensuring policies are configured to detect and prevent unauthorized data exfiltration or transfer.
  • Administer DLP policies, perform alert triage and investigation, tune detection rules to reduce false positives, and collaborate with data owners and legal/compliance teams on policy enforcement.
  • Contribute to the development and maintenance of secure endpoint baseline images and configurations, aligning to CIS Level 1 Benchmarks and organizational hardening standards.
  • Support vulnerability management operations, including configuring and executing credentialed vulnerability scans (e.g., Qualys/Tenable), reviewing scan results, prioritizing vulnerabilities based on risk, and coordinating remediation with IT teams.
  • Assist with Palo Alto Networks Next-Generation Firewall (NGFW) operations, including rule review, policy tuning, and troubleshooting as needed.
  • Support Forescout CounterAct operations, including policy management, device profiling, and remediation workflows.
  • Assist with Mimecast email security administration, including policy configuration, threat response, and user support.
  • Document security processes, procedures, configurations, alert triage activities, and investigation findings to support compliance, audit, and knowledge management requirements.
  • Participate in change management processes and ensure security controls are assessed prior to changes impacting endpoint environments.
  • Collaborate with outsourced Security Operations Center (SOC) analysts, IT teams, and third-party vendors to coordinate endpoint security efforts and escalate incidents as appropriate.
  • Support compliance with applicable regulatory frameworks (e.g., FFIEC, PCI DSS, CRI Profile) through proper configuration, documentation, and evidence collection.
  • Produce operational reports and metrics related to EDR health, DLP events, firewall policy effectiveness, endpoint compliance, and vulnerability status.
  • Research and evaluate emerging security technologies, threat trends, and industry best practices to recommend improvements to the endpoint security program.
  • Participate in on-call rotation for security incident response as required.

Additional Duties and Responsibilities

  • Adherence to all company Policies and Procedures.
  • Performs other related duties as required and assigned.
  • Complete all required compliance training on an annual basis.

EMPLOYEE SPECIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Required Education and Work Experience

Education: Bachelor's degree in Cybersecurity, Computer Science, Information Assurance, Management Information Systems, or a related field - or equivalent professional experience.

Experience: 3-5 years of experience in cybersecurity engineering or related IT/security operations roles, with demonstrated hands-on experience in endpoint security.

Preferred Certifications (one or more): CrowdStrike Certified Falcon Administrator (CCFA), CompTIA CySA+, CompTIA Security+, CEH, GCIA, GCIH, or equivalent industry certification.

Knowledge and/or hands-on experience in some of the following areas:

  • Hands-on experience operating CrowdStrike Falcon or equivalent EDR platform, including policy management, detection tuning, and incident response workflows.
  • Experience with endpoint DLP tools such as Digital Guardian, Microsoft Purview, Forcepoint, or similar.
  • Familiarity with endpoint firewall management concepts, rule-set construction, and exception handling processes.
  • Working knowledge of endpoint hardening standards such as CIS Benchmarks (Level 1/Level 2) and DISA STIGs.
  • Experience with vulnerability management tools (e.g., Qualys, Tenable/Nessus) and an understanding of vulnerability prioritization frameworks (CVSS, EPSS, VPR).
  • Familiarity with network access control concepts and technologies (e.g., Forescout CounterAct, Cisco ISE).
  • Exposure to Next-Generation Firewall platforms (e.g., Palo Alto Networks PAN-OS) and basic firewall rule management.
  • Understanding of email security gateways and threat filtering concepts (e.g., Mimecast, Proofpoint).
  • Knowledge of threat hunting methodologies, behavioral analytics, and the MITRE ATT&CK framework.
  • Familiarity with common attack techniques including phishing, lateral movement, privilege escalation, and data exfiltration.
  • Basic malware analysis and digital forensics concepts.
  • Understanding of Windows, macOS, and Linux operating systems from a security and endpoint management perspective.
  • Exposure to SIEM platforms (e.g., ELK, CrowdStrike Next-Gen SIEM) for log correlation and alert investigation.
  • Basic scripting ability (e.g., PowerShell, Python, Bash) for automation and operational efficiency.
  • Strong written and verbal communication skills; ability to convey technical risk to non-technical stakeholders.
  • Excellent analytical, problem-solving, and organizational skills.

PHYSICAL ACTIVITIES AND ENVIRONMENTAL CONDITIONS

Frequency Key

  • (N) Never/Rarely - less than 1/3 of the time
  • (O) Occasionally - 1/3 to 2/3 of the time
  • (C) Constantly - 2/3 or more of the time

Physical Activity Task (Frequency)

  • Ascending or descending ladders, stairs, scaffolding, ramps, poles and the like. (N)
  • Moving self in different positions to accomplish tasks in various environments. (N)
  • Remaining in a stationary position, often standing or sitting for prolonged periods. (C)
  • Moving about to accomplish tasks or moving from one worksite to another. (O)
  • Communicating with others to exchange information. (C)
  • Repeating motions that may include the wrists, hands and/or fingers. (C)
  • Operating machinery and/or power tools. (N)
  • Operating motor vehicles or heavy equipment. (N)
  • Assessing the accuracy, neatness and thoroughness of the work assigned. (C)

Environmental Condition (Frequency)

  • Low temperatures. (N)
  • High temperatures. (N)
  • Outdoor elements such as precipitation and wind. (N)
  • Noisy environments. (O)
  • Hazardous conditions. (N)
  • Poor ventilation. (N)
  • Small and/or enclosed spaces. (N)
  • No adverse environmental conditions expected. (C)

Physical Demand: Sedentary work that primarily involves sitting/standing.

PLEASE NOTE

This job description is not intended to be all-inclusive. Employee may perform other related duties as assigned by supervisor to meet the ongoing needs of the organization.

All Locations: Plano-Parkwood II

If any applicant is unable to complete an application or respond to a job opening because of a disability, please email us at HR@firstunitedbank.com for assistance.

First United is an Equal Opportunity Employer. To the extent required by Federal or State law, First United does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, or any other characteristic protected by law.