Job
Description
Strong hands-on experience with one or more EDR platforms (e.g., CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Sophos Intercept X, Trend Micro Apex One). Knowledge of MITRE ATT&CK framework and threat detection techniques. Familiarity with malware analysis, endpoint forensics, and log analysis. Experience with SIEM platforms (e.g., Splunk, QRadar, LogRhythm) for correlation and alerting. Scripting knowledge (PowerShell, Python, Bash) for automation and custom detection. Understanding of endpoint operating systems (Windows, macOS, Linux) and their security internals. Familiarity with enterprise IT infrastructure, Active Directory, and networking basics. Experience with ticketing and incident management tools (e.g., ServiceNow, JIRA). Understanding of compliance standards . Deploy, configure, monitor, and maintain EDR solutions (e.g., CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, Carbon Black, etc.). Monitor endpoint security alerts and respond to threats in real-time. Analyze EDR telemetry to detect suspicious behavior, malware, and advanced persistent threats (APTs). Investigate endpoint security incidents and support root cause analysis. Develop and maintain detection rules, playbooks, and automation scripts. Collaborate with SOC and incident response teams for coordinated threat mitigation. Conduct regular health checks, patching, and performance tuning of EDR agents. Generate and present technical reports, dashboards, and incident summaries. Provide guidance on endpoint security best practices to IT and end users. Support audits and compliance efforts by ensuring endpoint security controls are in place. Participate in cyber drills and contribute to continuous improvement of the incident response process.
