EDR SME

Level

• Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs).
• Validate and triage alerts generated by Falcon Insight, and escalate confirmed threats to L2/L3 SOC teams
• Use Real Time Response (RTR) to investigate and remediate threats directly on endpoints without disrupting operations
• Assist in troubleshooting sensor-related issues, including log collection and root cause analysis
• Raise and manage support cases with CrowdStrike for unresolved technical problems
• Maintain documentation of known issues, fixes, and deployment best practices.
• Conduct proactive threat hunting using Falcons historical and real-time data.
• Leverage CrowdStrike Adversary Intelligence to correlate endpoint behaviour with known threat actor TTPs
• Collaborate with threat intelligence teams to enrich detection logic and improve response workflows.
• Participate in governance forums and SLA reviews to report on EDR performance, coverage, and incident metrics
• Ensure compliance with internal security policies and external regulatory requirements.
• Contribute to executive dashboards and audit documentation for endpoint security posture
• Work closely with SOC, SIEM, DLP, and Cloud Security teams to integrate endpoint telemetry into broader detection and response strategies
• Support CDC operations by aligning EDR capabilities with automation playbooks and GenAI-driven enrichment

Tool Technology:

Crowdstrike