Job Overview:
This individual will serve as an Information Security Engineer and member of the Exostar Information Security Office. This individual will report to the Intelligence & Operations Manager and be focused on a diverse set of information security functions supporting a highly secure suite of services for our Aerospace and Defense and Life Sciences customer base. The ideal candidate will have a general background in multiple areas of information security and system/network operations.
Responsibilities: Your day if you join us:
- Monitoring, triaging, deployment, and administration of security operation tools (ex. EDR, AV, email filtering, DLP, vulnerability scanners, and whitelisting).
- Ability to import and manage IOCs from various threat sources.
- SIEM administration and engineering, including refining and building dashboards, managing ingest sources and licensing, monitoring for incidents and operational events, health of indexers and deployment agents, and deploying new infrastructure.
- Perform Azure security monitoring including review, triage, and respond to Defender, Azure Monitor, and AAD alerts.
- Threat intelligence research support including notification on emerging threats and providing timely threat data in Exostar format.
- Vulnerability management support using scanning tools such as Tenable/Web application scanners, communicating results to stakeholders, and supporting remediation activities.
- Threat hunting including adhoc monthly and formalized quarterly exercises with reporting. Threat hunting exercises are performed with relevance to the industry and security landscape.
- Proofpoint monitoring and email filtering including mailbox user sync, review, release of legitimate emails from quarantine, reviewing inbound Spam and CIRT emails from the user population.
- Security engineering, consisting of maintaining FIM agents, legacy antivirus health/alert monitoring, triaging alerts, false positives, and true positives
- Advise on procurement for new solutions which support Exostar’s Security Tools Suite.
- Provide IR escalation support, consisting of "Tier 2-3" incident response and forensics capabilities leveraging industry-standard methodologies (e.g., US-CIRT, NIST, MITRE) and tools.
- Support with miscellaneous documentation tasks including the compilation of threat metrics, drafting SOPs, and providing Executive-level status reports.
- Audit and Compliance support, including assistance with providing artifacts demonstrating security control implementation, answer questions and customer questionnaires, and performing monthly User Account Reviews
- Perform Configuration Management support for product teams and conduct Change Control review
Qualifications:
You are a great fit for this role if you:
Required Skills:
- 7+ years of experience in information security.
- Strong background in security operations, incident response, threat detection, and monitoring.
- Demonstrated experience securing Azure and Microsoft 365 environments in regulated or enterprise contexts.
- Experience with Multi-vendor environments including Windows Domains, Active Directory, and Linux-based environments
- Experience using on-premise and Azure cloud-native security tools (e.g. IDS, Firewalls, Splunk, Sentinel, Defender, EDR/NGAV, SIEM, vulnerability scanners, legacy and next-generation antivirus, email filtering, DLP, software whitelisting)
- Scripting and query language knowledge (Python, Splunk Query Language, KQL)
- Security Monitoring and Intrusion Detection (e.g. Log correlation and analysis, Incident Response, Forensics)
- Vulnerability Scanning and Remediation (Infrastructure, Application, and Database)
- Information Security Threat/Risk Assessment
- Demonstrated ability to understand and respond to complex business requirements
- Demonstrated ability in strong verbal and written communication skills to interface with technical and business stakeholders
- U.S. Citizens only- Due to customer requirements, U.S. Citizenship is required. Ability to gain and maintain Trusted Role is required.
Preferred Qualifications:
You are exactly who we are looking for if you
- Scripting and Querying Experience (Python, PERL, Ruby, Bash, SQL, KQL)
- Experience with Data Loss Prevention (DLP) and Whitelisting processes and tools
- Identity Federation Technologies (SAML, etc.)
- Business Continuity and Disaster Recovery planning
- Data Loss Prevention (DLP)
- Data Labeling and Information Rights Management
Education:
- Bachelor’s degree in an IT or Security-related discipline or equivalent experience.
- CISSP and other security/technical certifications are a plus.
Remote Locations:
NC, GA, TX, NJ, PA, IL, DC, MD, OH, FL, SC, CO, IN, WA, NV, CA, MA
Exostar - The Company:
Exostar’s cloud-based platforms create exclusive communities within the Aerospace and Defense, Life Sciences, and other highly regulated industries where members securely collaborate, share information, and operate compliantly. Within these communities we build trust. By analyzing community data, we provide insights and intelligence, enabling organizations to make better, timelier decisions, to mitigate risk, and operate more efficiently.
We believe in employee development: we promote internally and provide training and educational assistance
We provide a fun, engaged workplace, with social and community-building events
We offer comprehensive benefits and flexible time off plans
Exostar is an Equal Opportunity Employment Employer. The company provides equal employment opportunities to all applicants without regard to race, color, religion, sex, national origin, age, marital status, disability status or genetic information. Exostar is committed to providing equal employment opportunities for all persons in all facets of employment including recruiting, hiring, compensation, promotion, training, benefits, transfers and working conditions.