Senior Managed EDR Threat Engineer

Proficio

📍Remote - India

Summary

Join Proficio's Managed Infrastructure Services team as an experienced Managed EDR (MEDR) threat engineer. You will leverage your in-depth knowledge of endpoint detection and response to guide the evolution of Proficio's Managed EDR technologies, collaborating with engineering, project managers, and other departments to deliver significant new features and enhancements, and interfacing with cross-functional teams by applying your expertise in EDR product best practices. The ideal candidate will have a proven ability to influence cross-functional teams and to contribute to a dynamic, innovative environment. Proficio offers a competitive salary and benefits package, including health benefits, lunches, gym reimbursement, and internet funding for India staff.

Requirements

  • 3.5+ years of work experience in a cyber security, security investigations, or cyber threat intelligence investigations role
  • Experience deploying, configuring, and maintaining enterprise EDR solutions, specifically CrowdStrike Falcon and Microsoft Defender for Endpoint
  • Experience investigating and acting on high-impact threats such as account compromise, account-creation abuse, and business compromise, including malware analysis
  • Ability to think critically, qualify assessments, and communicate them clearly in a cross-functional setting to influence decision makers
  • 2+ years of experience performing systems administration, including basic troubleshooting and installation, monitoring system performance and availability, and applying security upgrades
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles
  • Knowledge of enterprise operating system (OS) configurations and management tools used to deploy, configure, and manage EDR solutions

Responsibilities

  • Deploy, configure, and maintain EDR solutions
  • Manage and optimize EDR platforms, including CrowdStrike Falcon and Microsoft Defender for Endpoint
  • Ensure that endpoints are adequately secured and that all EDR solutions are functioning effectively within the environment

Endpoint Security Management

  • Administer endpoint security management tools such as antivirus, web filtering, data loss prevention, and spam filtering, focusing on their integration and coordination with EDR platforms to ensure a comprehensive security posture

Proactive Threat Hunting

  • Leverage the full capabilities of EDR tools to proactively hunt for threats across the enterprise environment
  • Use CrowdStrike Falcon's Threat Graph, Defender for Endpoint's advanced hunting queries, and SentinelOne's behavioral AI to find threats and abuse that have evaded automated detection

Incident Investigation and Response

  • Conduct in-depth investigations using EDR solutions to analyze complex account compromises, malware infections, and vulnerabilities
  • Use the advanced detection mechanisms in Trend Micro Vision One and CrowdStrike to understand adversary behavior and recommend appropriate mitigation strategies

Remediation and Prevention

  • Identify and implement detection and prevention strategies through EDR platforms
  • Use Microsoft Defender for Endpoint to automate response playbooks and block potential threats, and use Apex One to enhance protection against emerging threats

Tactics, Techniques, and Procedures (TTPs)

  • Apply knowledge of adversary TTPs across multiple attack surfaces using EDR tools
  • Use real-time intelligence from CrowdStrike, Defender for Endpoint, and other EDR tools to stay ahead of emerging tactics and enhance detection capabilities

Cross-functional Communication

  • Lead technical investigations and communicate actionable insights derived from EDR tools to cross-functional teams
  • Ensure that analytic findings and mitigations are clear and actionable across different teams

Continuous Improvement

  • Continuously analyze data from EDR tools such as CrowdStrike, Defender for Endpoint, and Trend Micro Vision One to identify trends in adversary behavior
  • Create new detection rules and adjust EDR settings to ensure optimal performance and coverage

Security Analytics and Data Interpretation

  • Use data from EDR tools and other security platforms to analyze, interpret, and quantify trends, supporting threat investigations and validating security incidents

Preferred Qualifications

  • Experience with similar tools such as SentinelOne, Trend Micro Vision One, and Apex Central
  • Experience working in a Security Operations Center (SOC) environment including Incident Response, Vulnerability Scanning, Threat Hunting, Network Monitoring/Log Management, or Compliance Management
  • Experience with complementary enterprise security tools, including Security Information and Event Management (SIEM), Threat Intelligence Platforms (TIPs), or network monitoring tools
  • Experience with triaging security events in a security operations center (SOC) environment, leveraging data collected from enterprise security solutions
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
  • Ability to integrate cybersecurity data using enterprise or custom data aggregation and analysis tools, including Splunk and Elastic

Benefits

  • Salary: 13 lakh INR
  • Opportunity to work in a progressive organization with structured training and roadmap for success
  • Health benefits, lunches, gym reimbursement, and internet funding for our India staff!
  • Experience in one of the hottest IT industries today
