Full Time

Security Automation Engineer - Stefanini IT Solutions - Raritan, NJ

Stefanini IT Solutions

Raritan, NJ
Posted 13 days ago

Key Responsibilities

Build the event pipeline & data model
- Stand up and harden the FDR to S3 delivery for Falcon Device Control events (e.g., DcRemovableStorageDeviceConnected, DcUsbDevicePolicyViolation, DcUsbDeviceWhitelisted, etc.), ensuring schema normalization and lifecycle management in S3.
- Configure Microsoft Sentinel ingestion for FDR data and AD/Entra ID user/group events; develop KQL parsers, tables, and data normalizations to support correlation.

Correlation & detection logic
- Author KQL analytics/rules that join Windows Event IDs 4728/4729/6416/4663 with CrowdStrike Device Control events to identify when a user's group status should change host USB policy posture.
- Implement suppression/thresholding to reduce flapping and false positives (e.g., batch group changes, burst-aware dedupe).

Automation & integration
- Build idempotent automation (PowerShell, Python, Logic Apps, Functions, or similar) that calls CrowdStrike APIs to move hosts into/out of the Device Control allow group based on Sentinel signals. Include robust error handling, retries, and audit logging.
- Package automation as CI/CD artifacts (IaC where appropriate), with secure secrets handling (Key Vault/Secrets Manager).

Testing & validation
- Develop unit tests for parsers and functions, integration tests for end-to-end flows (synthetic Windows events + synthetic FDR samples), and UAT runbooks for security operations.
- Create simulation data (sanitized/synthetic) to validate rules for Event IDs 4728, 4729, 6416, 4663 and representative FDR Device Control events prior to production cutover.

Operations & documentation
- Build dashboards in Sentinel that show pipeline health, rule efficacy, and host policy transitions.
- Document the full runbook: deployment, rollback, break-glass steps, and change control.
- Train L2/L3 SOC and Help Desk on troubleshooting and manual override procedures.

Job Requirements

Minimum Qualifications
- 5+ years in security engineering/automation with SIEM (Microsoft Sentinel) and end
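The correlation and burst-aware suppression logic described under Key Responsibilities, as an added Python example that is not part of the posting and not Stefanini or CrowdStrike code: it collapses 4728/4729 group-membership bursts per user, drops add/remove flaps that net to no change, and joins the surviving changes to Device Control events to list the per-host allow-group moves automation would make. The group name, dedupe window, field names and all sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
USB_GROUP = "USB-Allowed-Users"        # assumed AD group gating the USB allow posture
FLAP_WINDOW = timedelta(minutes=10)    # assumed burst window for dedupe
# Constructed sample Windows security events (not real logs).
# 4728 = member added to a security-enabled global group, 4729 = member removed.
WIN_EVENTS = [
    {"t": "2024-05-01T09:00:00", "EventID": 4728, "Member": "alice", "Group": USB_GROUP},
    {"t": "2024-05-01T09:03:00", "EventID": 4729, "Member": "alice", "Group": USB_GROUP},  # flap
    {"t": "2024-05-01T09:05:00", "EventID": 4728, "Member": "bob", "Group": USB_GROUP},
    {"t": "2024-05-01T09:06:00", "EventID": 4729, "Member": "carol", "Group": USB_GROUP},
    {"t": "2024-05-01T09:07:00", "EventID": 4728, "Member": "dave", "Group": "Other-Group"},
]
# Constructed FDR Device Control samples: which user used USB storage on which host (aid).
FDR_EVENTS = [
    {"event_simpleName": "DcRemovableStorageDeviceConnected", "aid": "host-a", "UserName": "bob"},
    {"event_simpleName": "DcUsbDevicePolicyViolation", "aid": "host-b", "UserName": "bob"},
    {"event_simpleName": "DcUsbDeviceWhitelisted", "aid": "host-c", "UserName": "carol"},
    {"event_simpleName": "DcRemovableStorageDeviceConnected", "aid": "host-d", "UserName": "alice"},
]
def net_membership_changes(events, prior_members, group=USB_GROUP, window=FLAP_WINDOW):
    """Group each user's 4728/4729 events into bursts (within `window` of the burst start)
    and emit (user, is_member) only when a burst's end state differs from the prior state."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        if e["Group"] == group and e["EventID"] in (4728, 4729):
            by_user[e["Member"]].append((datetime.fromisoformat(e["t"]), e["EventID"] == 4728))
    changes = []
    for user, evs in by_user.items():
        current = user in prior_members          # membership before this batch
        burst_start, burst_state = evs[0]
        for ts, is_add in evs[1:]:
            if ts - burst_start > window:        # previous burst is closed: emit its net effect
                if burst_state != current:
                    changes.append((user, burst_state))
                    current = burst_state
                burst_start = ts
            burst_state = is_add
        if burst_state != current:               # flush the last burst; a flap nets to nothing
            changes.append((user, burst_state))
    return changes
def host_actions(changes, fdr_events):
    """Join net group changes to Device Control events by user: one allow-group move per host."""
    hosts_by_user = defaultdict(set)
    for e in fdr_events:
        if e["event_simpleName"].startswith("Dc"):
            hosts_by_user[e["UserName"]].add(e["aid"])
    return [{"aid": aid, "user": user,
             "action": "add_to_allow_group" if added else "remove_from_allow_group"}
            for user, added in changes for aid in sorted(hosts_by_user.get(user, ()))]
```

Because alice's add and remove fall inside one burst, host-d receives no action even though she appears in the Device Control data; widening the gap past the window yields two separate transitions.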