JOBSEARCHER

Crowdstrike Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

The CrowdStrike resource will have at least three years of experience supporting large enterprise, customers maximize the efficiency of the CrowdStrike platform. This subject matter expert is expected to have and maintain all relevant CrowdStrike certifications. This SME shall provide dedicated assistance with the deployment, configuration and integration of the Client’s CrowdStrike Falcon Platform Assist with and makes changes to the CrowdStrike platform to better protect Client networks and endpoints.Optimizes the Falcon Platform according to CrowdStrike and industry best practices.Enhance change management and incident response procedures to align with capabilities and workflows provided by CrowdStrike “Falcon Complete.”Advise IT Operations how to best leverage CrowdStrike platform to minimize cybersecurity risks associated with unresolved patching and remediation tasks and assist in the implementation of same.Job description:Engineer will be tasked with protecting resources on Client networks by implementing conditional multi-factor authentication rules so that stolen (or easily guessed) authentication credential cannot, by themselves, be used to access to RDP and other services running on Microsoft Window and Microsoft Windows Server.Implement host-based firewall rules to further limit accessibility of network-facing services on Microsoft Windows, Microsoft Windows Server, macOS and Linux to only those individuals and networks with a valid business justification to access said services (“remote access”)The Engineer must be able to explain how these enhancements might be implemented using a combination of CrowdStrike and Palo Alto Networks User-ID, Group-ID, GlobalProtect VPN, Azure VPN gateway, or some other remote access solution, as well as the strategic use of virtual routing and forwarding tables to ensure remote access cannot be achieved using stolen authentication credentials (e.g. Pass-the-Hash attacks).Improve the quality and entropy of memorized authentication secrets used to authenticate network services where MFA cannot be implemented; establish a baseline of said authentication events, and devise controls to detect atypical authentication requests outside of said baseline.Establish procedures to ensure authentication secrets used by services accounts which have been historically exempted from periodic password changes, are changed, baselined, and then subject to change every twenty-four months thereafter.Leverage the Falcon Agent real-time-response capabilities to execute audit scripts that compare endpoint configuration against desired “hardening” settings.