*E01 Security Engineer V

Start Date: Immediate

EXPANSIA is a service-disabled veteran-owned company that empowers organizations to be mission ready now with data, people, and ecosystems. As experts in continuous-delivery methods that drive digital adoption, we are dedicated to innovation, efficiency, and technology that benefit the warfighter. EXPANSIA specializes in integration, automation, and sustainment modernization through technology-enabled delivery models, digital engineering, and cloud-ready solutions.

OVERVIEW

Full-time/Permanent Employee

Location: Remote

As a Security Engineer V, you will have deep expertise in Microsoft Defender for Endpoint, Cloud, and Servers, with a strong understanding of the System Engineering Lifecycle. This role will be responsible for designing, implementing, and managing our Microsoft Defender solutions with the overarching automation platform to protect our organization from cyber threats. In addition, the candidate will be responsible for implementing automation strategies to allow for seamless management of applicable MDE capabilities into broader workflows via ServiceNow and other automation tools.

The proposed salary range for this position is $137,065-$160,000. There are a host of factors that can influence final salary including, but not limited to, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications. Our employees value the flexibility EXPANSIA allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our unique mix of benefits options is designed to support and protect employees and their families. Employment benefits include health and wellness programs, income protection, paid leave and retirement and savings.

RESPONSIBILITIES

• Oversee Endpoint Detection and Response (EDR) by guiding mid-level engineers in deploying and fine-tuning EDR solutions for real-time threat monitoring and response, while reviewing and approving the automated response playbooks they create.
• Lead Next-Generation Antivirus (NGAV) implementation by supervising the setup and configuration of behavioral-based protection and ensuring NGAV algorithms are optimized for peak performance under the team's management.
• Direct Threat & Vulnerability Management by overseeing continuous vulnerability assessments and providing remediation recommendations, while developing and executing strategies to mitigate endpoint vulnerabilities in collaboration with the broader vulnerability management team to ensure alignment with organizational goals.
• Manage Attack Surface Reduction by leading the implementation and maintenance of endpoint rules and controls, while regularly reviewing and updating the team's strategies to stay ahead of emerging threats.
• Supervise Cloud-Delivered Protection by ensuring the team integrates real-time Microsoft threat intelligence and updates, while monitoring and adjusting the cloud-delivered protection features they configure.
• Integrate with SIEM solutions by guiding the team in connecting Microsoft Defender with Microsoft Sentinel and other SIEM tools, while reviewing and approving the centralized logging, analytics, and reporting dashboards they create.
• Ensure cross-platform protection by guaranteeing comprehensive security across Windows, Linux, and mobile devices, while managing and monitoring security solutions on diverse platforms to confirm the team's configurations are effective.
• Deliver comprehensive reporting and analytics by overseeing the creation of detailed security posture, incident, and compliance reports, while approving customizable dashboards and alerts developed by the team to keep the security operations center informed.
• Deploy Windows Defender Application Control (WDAC) by leading the design, implementation, and management of WDAC policies, ensuring the team's configurations align with organizational security and compliance requirements, and monitoring and updating policies to adapt to evolving threats and business needs.
• Integrate Microsoft Defender, Intune, and Purview for Data Loss Prevention (DLP) by overseeing the implementation and management of DLP policies, ensuring sensitive data is monitored, classified, and protected.
• Enforce policies across Microsoft 365 and cloud services, monitoring and reporting incidents, and creating unified dashboards and alerts to provide a comprehensive, layered DLP strategy across endpoints, mobile devices, and cloud environments.
• Apply the System Engineering Lifecycle by guiding the team in designing, implementing, and maintaining Microsoft Defender solutions, while ensuring all security measures align with organizational goals and compliance requirements.
• Coordinate security rules and internal access authorization with IT Operations leadership and management
• Configure and maintain user access controls, ensuring compliance with access policies
• Evaluate and recommend security updates, software, and hardware enhancements
• Conduct periodic risk management audits to ensure security measures are effective and up to date
• Ensure 100% of planned hours are worked and recorded
• Identify and escalate opportunities for growth within the work area to leadership
• Participate in growth initiatives as requested
• Ensure all contractual deliverables are met or exceeded to customer satisfaction
• Complete personal PDP and attend Staff Meeting and Storytime (with camera on)
• Build productive and positive professional relationships with clients within the program
• Execute all contract requirements in accordance with contract-specific LCAT and requirements
• Perform other related duties as assigned

KEY QUALIFICATIONS

• Clearance: Active Secret Clearance
• Education and Years of Experience:Bachelor's degree in Computer Science, or Information Security with 15 years of relevant experience; At least 3 years in a leadership or senior engineering position.
• Substitution: High School Diploma with 20+ years of relevant experience or Master's degree and 12 years of relevant experience.
• Required DoD 8140 compliant certification such as CompTIA Security+
• Recognized authority in cybersecurity with expertise in designing and implementing highly innovative security solutions
• Proven ability to develop technical solutions to complex security challenges and determine strategic courses of action
• Extensive experience with Microsoft Defender for Endpoint, Cloud, and Servers.
• Strong experience with endpoint security, threat hunting, and incident response.
• Strong experience with SIEM solutions, especially Microsoft Sentinel.
• Experience automating workflows with automation tools
• Experience administering and working with Linux operating systems, specifically Red Hat Enterprise Linux
• Excellent leadership and team management skills, with the ability to mentor and guide a team to achieve security objectives.
• Strong analytical and problem-solving skills to address complex security tooling challenges.
• Excellent communication and collaboration skills to interact effectively with stakeholders at all levels.
• Understanding of industry compliance standards (e.g., NIST) and relevant regulations (e.g., GDPR, HIPAA) is advantageous.
• Willingness to stay updated with the latest cybersecurity trends and emerging security tools.

PREFERRED ADDITIONAL QUALIFICATIONS

• Other relevant cybersecurity certifications like Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), are a plus.
• ServiceNow integrated workflows/automation
• Microsoft Active Directory/Entra
• Microsoft Federation Services
• Microsoft PowerBI Dashboarding
• Advanced PowerShell scripting or prior software development experience
• DoD PKI

EXPANSIA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.