Job Title: Network Security Engineer (CrowdStrike)
Location: San Francisco, CA Onsite
Duration: 3 Years+
Task 1: CrowdStrike – The CrowdStrike resource will have at least three years of experience supporting large enterprise, customers maximize the efficiency of the Crowdstrike platform. This subject matter expert is expected to have and maintain all relevant Crowdstrike certifications. This SMA shall provide dedicated assistance with the deployment, configuration and integration of the Airport’s CrowdStrike
Assist with and makes changes to the CrowdStrike platform to better protect SFO networks and endpoints.
Optimizes the Falcon Platform according to CrowdStrike and industry best practices.
Enhance SFO change management and incident response procedures to align with capabilities and workflows provided by CrowdStrike “Falcon Complete.”
Advise IT Operations how to best leverage CrowdStrike platform to minimize cybersecurity risks associated with unresolved patching and remediation tasks and assist in the implementation of same.
Task 1 Deliverables:
A. Resident Engineer will be tasked with protecting resources on SFO networks by implementing conditional multi-factor authentication rules so that stolen (or easily guessed) authentication credential cannot, by themselves, be used to access to RDP and other services running on Microsoft
B. Implement host-based firewall rules to further limit accessibility of network-facing services on Microsoft Windows, Microsoft Windows Server, macOS and Linux to only those individuals and networks with a valid business justification to access said services (“remote access”)
C. The Resident Engineer must be able to explain how these enhancements might be implemented using a combination of CrowdStrike and Palo Alto Networks User-ID, Group-ID, GlobalProtect VPN, Azure VPN gateway, or some other remote access solution, as well as the strategic use of virtual routing and forwarding tables to ensure remote access cannot be achieved using stolen authentication credentials (e.g. Pass-the-Hash attacks).
D. Improve the quality and entropy of memorized authentication secrets used to authenticate network services where MFA cannot be implemented; establish a baseline of said authentication events, and devise controls to detect atypical authentication requests outside of said baseline.
E. Establish procedures to ensure authentication secrets used by services accounts which have been historically exempted from periodic password changes, are changed, baselined, and then subject to change every twenty-four months thereafter.
F. Leverage the Falcon Agent real-time-response capabilities to execute audit scripts that compare endpoint configuration against desired “hardening” settings.
