AWS GovCloud Security Operations Engineer
Job Description

AWS GovCloud Security Operations Engineer (EDR SOAR)

We are seeking a highly skilled Security Operations Engineer to join our team supporting a secure AWS GovCloud environment. The ideal candidate will possess extensive expertise in Endpoint Detection and Response (EDR) and Security Orchestration, Automation, and Response (SOAR) solutions, specifically with CrowdStrike and ThreatConnect. This role will be responsible for the configuration, management, and optimization of these security tools to ensure effective threat detection, response, and mitigation within a highly regulated cloud environment.

Key Responsibilities:
- Manage and maintain the CrowdStrike environment, including configuration of policies, tuning, and ensuring optimal security posture within AWS GovCloud.
- Develop and deploy ThreatConnect playbooks to automate threat detection, investigation, and response workflows.
- Support the design, implementation, and continuous improvement of EDR and SOAR integrations within AWS GovCloud, adhering to strict compliance and security requirements.
- Collaborate with SOC, CSIRT, and security engineering teams to develop and refine incident response processes and playbooks for automated and manual response.
- Conduct regular assessments to validate the effectiveness of CrowdStrike configurations and ThreatConnect playbooks, adjusting as necessary to improve threat coverage and minimize response time.
- Monitor, troubleshoot, and resolve issues related to EDR and SOAR tools within AWS GovCloud, ensuring high availability and performance.
- Stay up-to-date with AWS GovCloud-specific compliance mandates and ensure that security practices align with federal and industry standards.

Requirements:
- Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field; or equivalent experience.
- Experience:
  - Minimum of 3-5 years of hands-on experience with CrowdStrike in enterprise environments, with demonstrated expertise in policy configuration and fine-tuning.
  - Proficiency in ThreatConnect with proven experience building and deploying playbooks for automated threat detection and response.
  - Experience working in AWS GovCloud environments and understanding of related compliance requirements (e.g., FedRAMP, ITAR).
- Technical Skills:
  - Deep knowledge of CrowdStrike configurations, policies, and threat intelligence features.
  - Advanced proficiency in ThreatConnect playbook development and automation processes.
  - Familiarity with AWS security and compliance tools, as well as cloud security practices.

Qualifications:
- Relevant certifications, such as AWS Certified Security, CrowdStrike Certified Falcon Responder (CCFR), or ThreatConnect Specialist certifications.
- Strong scripting skills (e.g., Python, PowerShell) for playbook customization and automation.
- Familiarity with other SOAR platforms, SIEM tools, or security frameworks used in cloud and hybrid environments.

Additional Attributes:
- Excellent problem-solving skills and the ability to work independently in a dynamic and complex environment.
- Strong communication and documentation skills to convey technical concepts to both technical and non-technical stakeholders.
- Collaborative mindset with experience in cross-functional teamwork within a security-focused environment.