4.0 - 6.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Company Profile
Lennox (NYSE: LII) Driven by 130 years of legacy and success in HVAC and refrigeration, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member's contributions and offers a supportive environment for career development. Come, stay, and grow with us.

Job Description
We are seeking a skilled and detail-oriented Splunk SIEM Policy Administrator to manage and maintain security policies, configurations, and operational integrity within our Splunk SIEM environment. The ideal candidate will have a strong background in security operations, log management, and policy enforcement, ensuring that our SIEM platform supports effective threat detection, incident response, and compliance requirements.
- Utilize Splunk SIEM and CrowdStrike EDR to monitor, detect, and respond to security incidents.
- Develop and execute security monitoring strategies and initiatives, working closely with the SOC management team to align efforts with organizational goals.
- Administer and maintain Splunk SIEM policies, configurations, and access controls.
- Develop, implement, and manage correlation rules, alerts, and dashboards to support threat detection and response.
- Collaborate with SOC analysts, incident responders, and IT teams to fine-tune SIEM use cases and improve detection capabilities.
- Ensure compliance with internal security standards and external regulatory requirements (e.g., ISO 27001, GDPR, HIPAA).
- Monitor and optimize data ingestion pipelines, ensuring relevant logs are collected and parsed correctly.
- Perform regular audits of SIEM configurations, user roles, and data sources.
- Document policy changes, configurations, and procedures for operational transparency and continuity.
- Support onboarding of new data sources and integration with other security tools (e.g., EDR, vulnerability scanners).
- Assist in troubleshooting and resolving issues related to SIEM performance, data gaps, or false positives.
- Stay current with the latest security threats, Splunk features, and best practices.
- Create and maintain standard operating procedures (SOPs) to ensure consistent and effective security operations.
- Lead the preparation and delivery of weekly presentations to provide executive-level insights into SOC operations, including key metrics, trends, and emerging threats.
- Take ownership of false positive report preparation, ensuring accurate identification and documentation of false positives to improve detection and response capabilities.
- Collaborate with the Security Specialist team on high-priority security incidents, providing expertise and assistance as needed to facilitate incident resolution.
- Provide flexible support to 24/7 L1 monitoring shift members.

Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 4+ years of experience in SIEM administration, preferably with Splunk.
- Strong understanding of security operations, log analysis, and incident response.
- Experience with Splunk SPL (Search Processing Language) and dashboard creation.
- Familiarity with enterprise security policies, compliance frameworks, and risk management.
- Correlation use-case implementation.
- Creation of interactive dashboards.
- Knowledge of networking protocols, operating systems, and common attack vectors.
- Incident response and triage of true-positive events.
- Excellent analytical, problem-solving, communication, and presentation skills.
- Commitment to continuous learning and professional development.
- Flexibility to work shifts from 1 PM to 10 PM and 3 PM to 12 AM.
Posted 18 hours ago
6.0 - 10.0 years
7 - 11 Lacs
Hyderabad, Telangana, India
On-site
POSITION RESPONSIBILITIES (100%)
- Partner with onshore security teams to operationalize, maintain, and enhance endpoint detection and response (EDR) capabilities using CrowdStrike.
- Optimize the performance, reliability, and effectiveness of endpoint detections, response actions, and policy configurations to ensure comprehensive threat coverage.
- Identify opportunities to improve endpoint visibility and detection by analyzing current workflows, detection logic, and endpoint behaviors.
- Support continuous tuning of CrowdStrike detection rules, custom IOAs, and event correlation to reduce false positives and improve alert fidelity.
- Collaborate across Information Security teams (Security Operations, Threat Intelligence, Vulnerability Management, Incident Response) to align on endpoint-focused detection strategies.
- Monitor the effectiveness of EDR detections, prevention policies, and response workflows; provide recommendations for continuous improvement.
- Assist in the deployment and configuration of CrowdStrike sensors across endpoints, ensuring coverage, policy enforcement, and telemetry ingestion.
- Provide technical expertise and guidance to onshore and offshore teams to support incident investigations, containment, and root cause analysis tied to endpoint threats.
- Contribute to the development and maintenance of documentation, playbooks, and standard operating procedures (SOPs) for endpoint monitoring, response, and containment.
- Stay current with emerging endpoint threats, attacker techniques, and CrowdStrike capabilities to proactively enhance detection and response.

ORGANIZATIONAL RELATIONSHIPS
- Works closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, and Security Awareness.
- Collaborates with cross-functional teams (Infrastructure, Application Development, and Cloud Engineering) to ensure seamless integration of security tools.
- Partners with Identity and Access Management (IAM) teams to implement and maintain secure access controls.
- Engages with external vendors and service providers to evaluate and integrate third-party security solutions.
- Coordinates with internal stakeholders to align security initiatives with business and compliance requirements.

EDUCATION AND EXPERIENCE
Education:
- University degree in Computer Science or Information Systems is required.
- MS degree or advanced security certifications preferred, such as Certified Information Systems Security Professional (CISSP).
- Additional certifications highly preferred: Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), Certified Ethical Hacker (CEH).
Experience:
- Minimum 6 years of experience in security operations, EDR (CrowdStrike), threat intelligence, and security engineering.
- At least 2 years in a regulated industry (e.g., pharmaceutical, animal health).
- Experience working with global teams across multiple time zones.
- Proven ability to work within diverse technical teams.

TECHNICAL SKILLS REQUIREMENTS
- Strong hands-on expertise with CrowdStrike EDR, SIEM platforms, and threat detection engineering.
- Proficiency in scripting and automation using Python, PowerShell, or Bash to streamline workflows.
- Experience with cloud security tools and cloud platforms (AWS, Azure, GCP).
- Strong grasp of network security concepts including firewalls, IDS/IPS, VPNs, and zero-trust architectures.
- Familiarity with IAM solutions (Azure AD, Secret Server, SailPoint).
- Solid understanding of incident response, vulnerability management, and threat lifecycle tools.
- Knowledge of container security and DevSecOps practices.
- Strong understanding of encryption, key management, and secure coding best practices.
- Ability to analyze and interpret security data to identify trends, vulnerabilities, and threats.
- Familiarity with compliance standards (e.g., GDPR, HIPAA, PCI DSS).
- Fluent in written and spoken English, with the ability to communicate effectively with both technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS
- Must be available to work between 1 PM IST and 10 PM IST, with a minimum 3-hour overlap with US Eastern Time.
Posted 1 month ago
4.0 - 8.0 years
0 Lacs
Hyderabad, Telangana
On-site
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

To provide security monitoring and support to the Client's technology platforms, network, applications, crew, and environments in response to incidents of varying severity, and to perform other security monitoring/incident response functions as needed.

**Duties and Responsibilities:**
- Support Client Data Loss Prevention (DLP) initiatives through monitoring and investigation of email, network, and endpoint DLP alerts.
- Perform remediation actions to resolve incidents relating to violations of Client Information Security policies.
- Establish and maintain effective service relationships with business users: keep them informed of the status of their security requests and tickets; understand their business needs and escalate as necessary; provide non-technical answers to security questions that come in via email or hotline; and explain the rationale behind security policies, procedures, and monitoring.
- Keep management within the department informed by communicating progress, issues, concerns, and opportunities. Assess and immediately notify the manager of any potential information security breach or security issue that may have a negative impact on business operations.
- Identify opportunities to improve the quality, efficiency, and effectiveness of the team.
- Adhere to Client Information Security policies and departmental procedures, and follow industry best practices.
- Work with other departments (within and outside of Information Security) to communicate appropriate and consistent security requirements.
- Participate in the development of team and departmental objectives.
- Participate in special projects and perform other duties as assigned.
- Support the client's team by acting as an interim team member (e.g., security officer, security manager, security analyst).
- Independently manage the assigned project/engagement with minimal oversight/guidance from the manager.

**Qualifications:**
- Undergraduate degree in information/cybersecurity, an information technology-related field, or an equivalent combination of training, certifications, and experience.
- 4-6 years of related experience.
- CompTIA Security+, ISC2 CISSP, SANS, or other similar certifications are a plus but not required.
- Knowledge of security concepts, theories, and best practices.
- Ability to analyze problems and demonstrate problem resolution skills.
- Demonstrated ability to work collaboratively as well as independently, with attention to detail.
- Demonstrated ability to be flexible and exercise good judgment.
- Demonstrated strong organization and time management skills.
- Strong verbal, written, and interpersonal communication skills.
- Ability to deal effectively with various levels of business unit crew and management.
- Experience with Elastic SIEM, Tines SOAR, and CrowdStrike EDR is good to have.

**Special Factors:**
- Willing to work in a hybrid model (3 days in the office) on a rotational shift.
- Weekend availability/flexibility to work weekends is a MUST.
- Willing to support the US (night) shift.
Posted 1 month ago
0.0 years
0 Lacs
Chennai, Tamil Nadu, India
Remote
Company Profile
Lennox (NYSE: LII) Driven by 130 years of legacy and success in HVAC and refrigeration, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member's contributions and offers a supportive environment for career development. Come, stay, and grow with us.

Job Description
- Pursue specialization in specific areas of security operations, such as threat hunting, malware analysis, or digital forensics, through targeted training and hands-on experience.
- Utilize Splunk SIEM and CrowdStrike EDR to monitor, detect, and respond to security incidents.
- Develop and execute security monitoring strategies and initiatives, working closely with the SOC management team to align efforts with organizational goals.
- Create and maintain standard operating procedures (SOPs) to ensure consistent and effective security operations.
- Support the monitoring team by taking remote sessions with users to troubleshoot their machines and remove malware.
- Lead the preparation and delivery of weekly presentations to provide executive-level insights into SOC operations, including key metrics, trends, and emerging threats.
- Take ownership of false positive report preparation, ensuring accurate identification and documentation of false positives to improve detection and response capabilities.
- Lead shifts: manage SOC operations during assigned shifts, including supervision of GET/Associate Security Analysts and coordination of incident response activities.
- Collaborate with the Security Specialist team on high-priority security incidents, providing expertise and assistance as needed to facilitate incident resolution.
- Provide flexible support to 24/7 L1 monitoring shift members.

Qualifications
- Proven experience using Splunk SIEM, including the ability to analyze prepared use cases, contribute to the creation of custom dashboards, and fine-tune false-positive alerts.
- Good knowledge of SIEM architecture.
- Excellent email security incident handling skills, including investigating phishing emails and providing verdicts, plus basic knowledge of Office 365 Exchange email.
- Experience with CrowdStrike EDR for security monitoring and threat detection, along with static and dynamic malware analysis and interactive sandbox report analysis.
- ITIL tool experience, particularly with ServiceNow.
- Exposure to firewall and WAF log analysis.
- Strong knowledge of security SOP creation and maintenance.
- Basic knowledge of file integrity monitoring.
- Understanding of security compliance frameworks such as PCI and NIST.
- Basic understanding of vulnerability management and experience with tools such as Rapid7 and Nessus.
- Experience with cloud security monitoring, including AD risk detections and Defender for Cloud.
- Excellent communication and presentation skills.
- Commitment to continuous learning and professional development.
- Flexibility to work shifts from 1 PM to 10 PM and 3 PM to 12 AM.
Posted 2 months ago