Position Description

Baltimore City IT (BCIT) is recruiting for a Security Engineer Endpoint.

In this role, you will be responsible for monitoring and maintaining our endpoint threat detection capabilities and for responding to security incidents.

Security Engineer Endpoint responsibilities may include but are not limited to:

Implement, operate, administer, and maintain the city’s endpoint security capabilities.

Troubleshoot and be the technical point of contact for any issues that may arise from endpoint security instrumentation on Unix/Linux or Microsoft Windows systems.

Conduct gap analysis and provide recommendations for improvements to the city’s endpoint security architecture.

Develop technical mitigation and remediation strategies to deal with threats to the city’s endpoints.

Collaborate with Information Security team to provide alert analysis, incident response, threat hunting and remediation activities to ensure return to operations.

Develop and monitor metrics to ensure the system is operating as designed, analyze patterns of alerts and develop recommendations to drive improvements to our security posture.

Maintain documentation of endpoint architecture, processes and procedures that go into endpoint security management.

Provide regular status updates and briefings to BCIT and Information Security leadership.

Education and Experience

Minimum Education and Experience Requirements

Bachelor's Degree or equivalent in Information Technology, Computer Science, Computer Engineering, or a related discipline from an accredited college or university. Five (5) years of security engineering experience including endpoint threat detection systems, intrusion detection systems, SIEM, and incident response.

Relevant certifications (PMP, GEVA, Security+, etc.) preferred.

Skills Requirements

Requires demonstrated understanding of and experience with network and security architecture, multiple operating system platforms, databases, web applications, and other evolving mobile and cloud technologies, along with the following: malware detection, security information and event management (SIEM), incident response, traditional and application-layer firewalls, VPN, identity management systems, and network- and host-based intrusion detection/prevention systems.

Knowledge of security risk assessment processes and information security control frameworks.

Knowledge of network communication using TCP/IP protocols, basic system administration, virtual systems, Active Directory architecture, web proxies, etc.

Requires excellent verbal and written communication skills.

Ability to multi-task and work under pressure in a fast-paced environment.

Attention to detail and demonstrated problem-solving skills.

Good team player, self-confident, motivated, and independent, capable of working with little to no instruction.