Microsoft Defender Endpoint Detection SME, Senior

The Challenge:

Everyone is trying to “harness the power of the cloud,” but not everyone knows how. As a Microsoft Defender Endpoint Detection SME, you know how to build a cloud-based technical architecture that meets client needs and takes advantage of cloud capabilities. What if you could use your cloud architecture skills to improve the defense industry? We need you to help us develop cloud-based solutions for some of DoD's toughest challenges.

On our team, you’ll be part of a team of cloud experts as you look for ways to improve our client’s environment using current cloud capabilities. Your technical expertise will be vital as you work with our client to inform strategy and design and ensure standards are met throughout the process. You’ll recommend tools and solutions based on your research of the current environment and knowledge of various on premises, cloud based, and hybrid resources. Additionally, you’ll broaden your skillset in areas like endpoint detection and response, automation, cloud based security, and cyber threat hunt, while developing critical systems for our defense client. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Ready to transform warfighter communications with cloud technology?

Join us. The world can’t wait.

You Have:

  • 5+ years of experience with configuring and deploying enterprise endpoint security solutions, including Microsoft Defender for Endpoint (MDE) as either deployment of solution or day to day analysis of the solution

  • Experience with triaging security events in a security operations center (SOC) environment, leveraging data collected from enterprise security solutions

  • Experience with providing status reports for the activities of the team, including metrics and KPIs

  • Knowledge of executing incident response activities and seeing incidents through to successful remediation

  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions

  • Knowledge of network security architecture concepts including topology, protocols, components, and principles

  • Knowledge of malware analysis concepts and incident handling methodologies

  • Ability to obtain a security clearance

  • HS diploma or GED

Nice If You Have:

  • Experience with conducting proactive Advanced Persistent Threat (APT) and Focused Operator (FO) hunting, incident response support, and advanced analytic capabilities while providing adversary mitigation and executive level recommendations 

  • Experience with monitoring and reporting changes in threat dispositions, activities, tactics, capabilities, objectives as related to designated cyber operations warning problem sets

  • Knowledge of cyber-attack stages, including reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks

  • Knowledge of incident triage, including scope, urgency, potential impact, and making recommendations that enable expeditious remediation

  • Ability to profile and track APT/FO actors that pose a threat in coordination with threat intelligence support teams

  • Ability to review and analyze log files from various sources, including SIEM, packet captures, and host logs to report any unusual or suspect activities

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.


The proposed salary range for this position in Colorado is $135,000 to $145,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.


Not ready to apply? Join our talent community and sign up for job alerts.