Endpoint Security Engineer Lead

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!

TDI is looking for a Lead Endpoint Security Engineer for a customer on a highly visible and strategic Cybersecurity Task Order. The Security Engineer will need to be a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to coordinate multiple concurrent tasks effectively. The engineer will collaborate with internal teams to ensure systems are secure, scalable, and reliable, while supporting the design, development, and integration of cybersecurity tools and architectures across enterprise environments.

This position is hybrid with commute to the Arlington, VA area.

RESPONSIBILITIES:

• Serve as the primary technical authority for CrowdStrike, guiding best practices while overseeing deployment and maintenance of agents to ensure full endpoint coverage
• Lead and support incident detection, investigation, and response using CrowdStrike, including threat hunting and malware analysis in collaboration with the SOC
• Deploy, configure, and manage CrowdStrike Falcon EDR across enterprise environments, ensuring effective coverage, policy enforcement, and threat response
• Integrate CrowdStrike with enterprise security tools (e.g., SIEM/SOAR) and develop automation using Python, PowerShell, or shell scripting to enhance security operations
• Optimize EDR performance by refining detection logic, improving data quality, and developing automated workflows and playbooks
• Ensure endpoint security architecture aligns with enterprise objectives, regulatory requirements, and compliance standards through periodic reviews and enhancements
• Maintain system health through backend administration, monitoring, and log management, including scripting for operational efficiency
• Develop and maintain documentation, SOPs, and knowledge base articles to support consistent security operations
• Produce detailed reports on incidents, root cause analysis, and technical assessments to drive continuous improvement

QUALIFICATIONS:

• Ability to obtain Public Trust clearance and successfully complete the EOD process
• Bachelor's degree in Science, Technology, Engineering or related field and 12-15 years of prior relevant experience with a focus on cybersecurity or Master's with 10 years of prior relevant experience
• Experience leading cross-functional security initiatives and managing small teams or projects
• Extensive hands-on experience with the CrowdStrike Falcon platform, including multiple modules (e.g., EDR, FIM, Identity Protection, Data Protection)
• Expertise in endpoint security concepts and incident response processes
• Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom response actions
• Strong knowledge of security frameworks like NIST or MITRE ATT&CK
• Experience with SIEM integrations and threat analysis
• Solid understanding of operating systems (Windows, Linux, macOS)

PREFERRED QUALIFICATIONS:

• Experience automating management tasks with Ansible, Puppet, or Chef
• Experience working with SIEM tools such as Splunk to ingest, normalize, store, and maintain data from endpoint, network, and application sourcetypes
• Experience working in AWS and Azure
• Experience with Wiz, Sepio, TVM and Nucleus is a plus

TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”