Trellix Professional Services Consultant

Company Overview:

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’ security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers. More at https://trellix.com.

About the role:

• Be a trusted Trellix and XDR advisor to Federal Customers
• Manage efforts associated with Trellix' EDR deployment in a customer cloud environment, to include project management and reporting, RMF processes, and customer engagement via verbal and written communication.
• Provide technical and project management leadership of the project team.
• Work with groups within a customer agency to deploy, integrate, operationalize, and sustain Trellix’ s Network Security and Malware Analysis/Sandbox capabilities across a broad enterprise.
• Collaborate with end users as well as inter-agency, intra-agency, and internal Trellix stakeholders.
• Conduct technical exchange meetings as well as writing technical documentation and briefings.
• Assist in developing engineering artifacts such as system design diagrams, data flow diagrams, test plans, test reports, etc.
• Develop testing, debugging, pre-deployment testing, and post-deployment testing.
• Assist customers with the certification and accreditation and/or access and authorization processes.
• Drive system configuration, tuning, and policy development.
• Develop standard operating procedures (SOPs) and playbooks.
• Analyze data and provide recommendations for solutions to operational and/or technical problems.
• Lead technical troubleshooting efforts and problem resolution, including assessment, hands-on tasks, log reviews, performing triage tools, reviewing product documentation, and communicating with product support and development teams
• Must maintain a good knowledge of other information security vendor's products and the competitive relationship to Trellix's products
• Participate in conference calls, onsite meetings and roundtables with customers, sales, internal product development and support to gather data, scope new and existing work, evaluate or suggest new product features and assist in resolving existing product issues.
• Recognize and generate potential product and consulting services sales leads when appropriate and necessary.
• Author formal reports, architecture designs, optimization guides, and best-practice white papers covering a variety of security topics.

About you:

• Understanding of cyber threats, attack vectors, detection capabilities, and associated countermeasures.
• Experience working in a Security Operations Center to monitor security alerts, respond and remediate detected issues is preferred.
• Clear understanding of organizational Incident Management processes in relation to threats and vulnerabilities.
• Maintain a deep knowledge of Trellix (formerly McAfee) Endpoint Security, Application Control/Change Control, MVISION EDR and management products, including how to install them, troubleshoot them, and configure them via ePO and MVISION ePO.
• Knowledge and experience with XDR/EDR, Endpoint Security tools (AV, whitelisting, etc.) and Threat Hunting.
• Experience in Windows, Mac, Linux OS and application hardening, including understanding artifacts and behaviors.
• Experience with one or more scripting languages: Python, PowerShell, Go, C#, other command line scripting or similar is preferred.
• You may have experience scripting API integrations with response and orchestration tools like SIEM, SOARs and/or XDR platforms.
• Experience with a SIEM tool and working with SIEM Analyst.
• Experience with event correlation and analysis.
• Demonstrated technical proficiency in cybersecurity operations, cybersecurity engineering, systems engineering.
• Experience with Virtualization (VMWare, Nutanix, etc.) and Cloud Services [i.e., AWS, Azure]) and enterprise networks.
• Experience with security application/endpoint protection designs, implementations, training, and knowledge transfer for a wide variety of customers.
• Ability to identify gaps in application and network security architecture and recommend strategies using a combination of industry-standard security best practices, software controls and other necessary changes to promote a higher level of information security practices.
• Detailed understanding of the TCP and IP protocol suites and ability to dissect and explain the contents of traffic and packets.
• Experience with configuration of debugging, event generation, and logging functionality within the application and operating systems, using Syslog or flat-file generation.

Required Qualifications:

• 10 years of technical experience working in IC enterprise environments
• Experience with Risk Management Framework (RMF)
• Currently hold an adjudicated TS/SCI Clearance with CI Poly
• BA/BS in a technical field
• Active DoD 8570 or DoD 8140 compliant cybersecurity certification

This position is paid (in part) on a commission basis. The Base Pay Range is $126,000 – $234,000. The On Target Earnings (OTE) Range (base pay plus on target commission) is $157,500 – $292,500. Actual base pay within the Base Pay Range and actual OTE within the OTE Range will depend on varying circumstances, including the work location, individual qualifications, company budget and other operational business needs. Compensation may also include long-term incentives, subject to various metrics and company policy.