AWS GovCloud Security Operations Engineer (EDR & SOAR)
We are seeking a highly skilled Security Operations Engineer to join our team supporting a secure
AWS GovCloud environment. The ideal candidate will possess extensive expertise in Endpoint
Detection and Response (EDR) and Security Orchestration, Automation and Response (SOAR)
solutions, specifically CrowdStrike and ThreatConnect. This role will be responsible for the
configuration, management and optimization of these security tools to ensure effective threat
detection, response and mitigation within a highly regulated cloud environment.
Key Responsibilities:
Manage and maintain the CrowdStrike environment, including policy configuration and tuning, and
ensure an optimal security posture within AWS GovCloud.
Develop and deploy ThreatConnect playbooks to automate threat detection, investigation and
response workflows.
Support the design, implementation and continuous improvement of EDR and SOAR integrations
within AWS GovCloud, adhering to strict compliance and security requirements.
Collaborate with SOC, CSIRT and security engineering teams to develop and refine incident
response processes and playbooks for automated and manual response.
Conduct regular assessments to validate the effectiveness of CrowdStrike configurations and
ThreatConnect playbooks, adjusting as necessary to improve threat coverage and minimize
response time.
Monitor, troubleshoot and resolve issues related to EDR and SOAR tools within AWS GovCloud,
ensuring high availability and performance.
Stay up to date with AWS GovCloud-specific compliance mandates and ensure that security
practices align with federal and industry standards.
Requirements:
Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology or a
related field; or equivalent experience.
Experience:
Minimum of 3-5 years of hands-on experience with CrowdStrike in enterprise environments, with
demonstrated expertise in policy configuration and fine-tuning.
Proficiency in ThreatConnect, with proven experience building and deploying playbooks for
automated threat detection and response.
Experience working in AWS GovCloud environments and an understanding of related compliance
requirements (e.g. FedRAMP, ITAR).
Technical Skills:
Deep knowledge of CrowdStrike configurations, policies and threat intelligence features.
Advanced proficiency in ThreatConnect playbook development and automation processes.
Familiarity with AWS security and compliance tools, as well as cloud-native security practices.
Preferred Qualifications:
Relevant certifications such as AWS Certified Security, CrowdStrike Certified Falcon Responder
(CCFR) or ThreatConnect Specialist certifications.
Strong scripting skills (e.g. Python, PowerShell) for playbook customization and automation.
Familiarity with other SOAR platforms, SIEM tools or security frameworks used in cloud and hybrid
environments.
Additional Attributes:
Excellent problem-solving skills and the ability to work independently in a dynamic and complex
environment.
Strong communication and documentation skills to convey technical concepts to both technical and
non-technical stakeholders.
Collaborative mindset with experience in cross-functional teamwork within a security-focused
environment.