IA-DOM DoIT-TS4-EDR Architect

Job Description

This position will support the State of Iowa’s Office of the Chief Information Officer (OCIO), Information Security Services (ISS) Bureau with focus on the State of Iowa’s Enterprise Endpoint Detection and Response (EDR) platform and associated services. EDR Architect: Provide tier 3 support and develops EDR architecture, EDR federation, and be the primary administrator for the EDR platform.

The purpose of this position is to recommend security best practices, develop EDR architecture (including federation), hardening specifications, and support the State of Iowa Endpoint Detection and Response tools across the State of Iowa. These positions will augment state staff and will be responsible for the implementation, maintenance, and continual improvement of Iowa’s EDR. The EDR Architect will manage all aspects to the EDR solutions including:

• Work closely with SOC engineer and analyst on Incident Response ensuring containment strategies and risk reduction on endpoints (vulnerabilities).
• Developing strategies to allow for a multi-tenant environment.
• Understand and provide users and customers on the difference between anti-virus protections and malware prevention.
• Work closely with the EDR team and users regarding feature updates to the EDR system.
• Provide documentation on changes or add-ons to the system.
• Develop pathway to allow EDR information into the central Security information and event management (SIEM) and intelligence feeds.
• Provide training when needed on EDR system
• Develop strong relationships with vendors and users to eliminate unknowns and ensure clarity to system capabilities.
• Intermittently required to participate in incident handling processes such as incident discovery, analysis and verification, incident tracking, containment and recovery, incident response coordination, escalation, and notification.

Requirements:
• Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), GIAC Security Essentials (GSEC), or other information security certification.
• Demonstrated experience engineering and implementing an Enterprise Endpoint Detection and Response product.
• Strong understanding of security technologies and strategies, including but not limited to firewalls, IDS, policy management, security processes/best-practice, logging/monitoring, antivirus, vulnerability assessment, patch management, and incident response.
• Strong understanding of common and emerging attack vectors, penetration methods and countermeasures.

• Must be an individual of high integrity and be a model of unwavering integrity to others.
• Demonstrated ability to work effectively with customers to solve business challenges while balancing the need for confidentiality, integrity, and availability.
• Demonstrated commitment to fostering a diverse working environment.
• Demonstrated ability to work independently, as part of a team of peers, and to support and contribute to a multidisciplinary team environment.
• Solid knowledge of conflict resolution and incident escalation.
• Demonstrated ability to solve complex problems, convey both oral and written instruction, and handle multiple task interruptions while providing services in a professional and courteous manner.
• Proven ability to work with diverse audiences and translate technical information into non-technical information.
• Demonstrated ability to resolve issues in a variety of complex situations which require complex judgments and solutions based on sophisticated analytical thought.