Information Security Engineer
Babel Street · Reston, VA · 3 days ago
Information Technology$100k–$110k/yrFull-time
Responsibilities
- Monitor, investigate, and respond to security alerts and incidents.
- Administer Microsoft XDR, CrowdStrike Falcon, and Microsoft Entra ID.
- Investigate phishing, identity attacks, endpoint detections, account compromise activity, and other security events.
- Create, maintain, and improve security run books, Standard Operating Procedures (SOPs), and incident response playbooks.
- Document investigations, findings, technical procedures, and operational processes.
- Assist with vulnerability management and remediation efforts.
- Cook up scripts, automations, and operational workflows to improve efficiency and reduce manual effort.
- Coordinate with Infrastructure, Cloud, IT, and Engineering teams to resolve security findings.
- Research emerging threats, attack techniques, and security technologies.
- Utilize AI tools to improve research, scripting, documentation, troubleshooting, and engineering productivity.
- Recommend and implement improvements to security processes, detections, workflows, and automations.
- Participate in security projects and perform additional duties as assigned.
Requirements
- Bachelor's degree in Cybersecurity, Cyber Operations, Systems Security Engineering, Computer Science, Information Assurance, or a related technical discipline.
- Three (3) or more years of experience in Information Security, Security Operations, or Security Engineering.
- Experience with Microsoft XDR.
- Experience with CrowdStrike Falcon.
- Experience with Microsoft Entra ID, including Risky Users and Identity Protection.
- Working knowledge of AWS, Microsoft Azure, and Google Cloud Platform (GCP).
- Experience investigating security incidents.
- Experience writing PowerShell, Python, or similar scripting languages.
- Experience developing automations and operational workflows.
- Experience creating, maintaining, and improving security run books, Standard Operating Procedures (SOPs), and incident response playbooks.
Technical Competencies
- Experience with, or the ability to quickly become proficient in, the following:
- Security incident response and investigation.
- Endpoint Detection and Response (EDR/XDR) platforms.
- Security Information and Event Management (SIEM) platforms.
- Log analysis, event correlation, and threat hunting.
- Detection engineering and alert tuning.
- Identity and authentication investigations.
- Microsoft 365 and Microsoft Entra ID security investigations.
- Email security and phishing investigations.
- Vulnerability management and remediation workflows.
- PowerShell, Python, or similar scripting languages.
- Kusto Query Language (KQL) and/or Splunk Processing Language (SPL).
- Microsoft Graph API, REST APIs, and security automation.
- Cloud security investigations across AWS, Azure, and GCP.
- Developing and maintaining security run books, Standard Operating Procedures (SOPs), and incident response playbooks.
- Working knowledge of the NIST Cybersecurity Framework (CSF).
- Familiarity with the MITRE ATT&CK Framework and common adversary tactics, techniques, and procedures (TTPs).
- Strong understanding of enterprise technology, including Windows, Linux, networking fundamentals, identity systems, cloud infrastructure, and common enterprise architectures.