CyberSecurity & Identity Protection Engineer (Tier 3)
110k – 130k | United States | Security Engineering | Remote | 3+ YOE
Summary
Tier 3 engineer deploys/manages EDR tools, conducts incident response, vulnerability assessments, and identity protection for clients. Monitors threats, automates workflows with SOAR/Python, and handles fraud resolution. Requires 3+ years cybersecurity experience.
About the role
Responsibilities
- Deploy and configure Endpoint Detection and Response (EDR) agents across client environments. Customize detection policies to minimize false positives.
- Analyze EDR telemetry to detect "living off the land" attacks and anomalies.
- Actively monitor client endpoints for malicious indicators, isolate compromised devices, and communicate incidents.
- Generate monthly executive summaries for clients detailing blocked attacks, health status, and ROI.
- Schedule and run vulnerability scans on client networks, execute penetration tests, review results, prioritize patches, and verify remediation.
- Monitor threats and vulnerabilities for Smart Home and IoT devices, and assist in hardening home networks.
- Proactively monitor Dark Web and criminal forums for compromised credentials, leaked data, or domain spoofing.
- Manage the credit monitoring platform and alert clients to identity alerts that indicate fraud.
- Serve as case manager for identity theft incidents and handle end-to-end resolution.
- Assist in restoration of compromised accounts including synthetic identity fraud, medical identity theft, and tax refund fraud.
- Hunt for client PII on people-search sites and data brokers, manage opt-out process.
- Identify repetitive tasks and build SOAR playbooks or scripts (Python/PowerShell) to automate them.
- Evaluate and implement AI-driven tools and Machine Learning features to enhance threat detection.
- Optimize API integrations between identity platforms, EDR, and ticketing systems.
- Conduct post-mortem reviews, update SOPs, codify IOCs.
- Develop custom scripts, tools, or methodologies for Incident Response.
- Develop reports of forensic findings and IR activities.
- Participate in on-call rotation, knowledge transfer, mentoring, R&D on cyber trends.
- Work with engineering, product, and sales teams.
Requirements
- 3-5+ years of experience in Cybersecurity, Fraud Analysis, or Security Engineering.
- Penetration and vulnerability testing experience.
- Windows and macOS forensic investigation and vulnerability management.
- Experience deploying, managing, and optimizing EDR tools (CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, Sophos Intercept X).
- Experience developing detection alerting using automation and SOAR.
- Technical knowledge of Windows, macOS, iOS, Android, Linux.
- Solid understanding of US Credit System (Bureaus, FICO, FCRA).
- Experience managing identity monitoring platforms.
Nice-to-Haves
- College degree in IT/CS/CE or equivalent.
- Certifications: CISSP, CCSP, CFCE, GIAC, OSCP, OSCE, Security+, CEH, CIPP, CIPA.
Skills
CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, Sophos Intercept X, EDR, SOAR, Python, PowerShell, AI, Machine Learning, Windows, macOS, Linux, IoT
Similar roles at this salary range
Sr. Security Engineer, Incident Response
Technical lead for incident response across multi-cloud infrastructure. Owns triage, containment, automation, and detection tuning using CrowdStrike, Tines, and Cyberhaven DLP. Requires 5+ years in IR/SOC roles.
113k – 252k | New York, NY | Security Engineering | On-site | 5+ YOE | IAM | EDR
Sr. Security Engineer, Incident Response
Technical lead for incident response across multi-cloud environments. Owns triage, containment, automation, and detection tuning using CrowdStrike, Tines, and Cyberhaven DLP. Requires 5+ years in IR/SOC roles.
113k – 252k | Palo Alto, CA +1 | Security Engineering | On-site | 5+ YOE | IAM | SIEM