Key skills
CloudCyber SecurityLinuxMacOSPythonUnixBashPowerShellEntra IDActive DirectoryCommunicationCloud Security
About this role
Role Overview
- Detect, analyze, and respond to security incidents detected by EDR, SIEM, and Cloud Security tooling as well as MDR service providers
- Lead or participate in investigation and containment efforts for both endpoint and identity related security threats
- Develop and implement strategies to remove the root cause of the incident
- Conduct forensic data acquisition, log analysis, and root cause determination for endpoint incidents
- Develop and maintain incident response playbooks and runbooks specific to EDR technologies
- Analyze security alerts and anomalies to determine if they represent actual security incidents
- Oversee deployment, configuration, and ongoing management of EDR on endpoints for comprehensive coverage
- Monitor and tune alerting rules/policies to reduce false positives and ensure accurate threat detection
- Maintain compliance measures by enforcing configuration to organizational standards
- Provide training on EDR usage to incident response teams and end-users
- Review security alerts, correlate event data, and identify risks to endpoints
- Maintain integration of EDR tools with SIEM and other security solutions
- Regularly review and update endpoint security policies based on threat intelligence and incident learnings
Requirements
- Proficiency with leading Endpoint Detection and Response platforms (SentinelOne, Microsoft Defender, CrowdStrike, or other toolsets)
- Strong experience with incident response, digital forensics, and threat hunting on endpoints
- Knowledge of endpoint operating systems (Windows, macOS, and Linux)
- Experience with scripting (PowerShell, Python, or Bash) for automation and log parsing
- Excellent analytical and problem-solving skills; ability to work in high-pressure situations
- Effective verbal and written communication abilities
- Detail-oriented with strong organizational skills and the ability to handle multiple priorities
- Ability to work independently and within a collaborative, team-oriented environment
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related discipline (or equivalent experience)
- Minimum 3 years of progressive information security experience
- At least 1-3 years focused on incident response, including hands-on EDR work
- Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management
- Experience with Microsoft M365 security including Entra ID, Microsoft Defender for M365, and other toolsets is a plus
- Relevant certifications (one or more preferred): GCFA, GCIH, CHFI, CySA+, or similar.
Tech Stack
- Cloud
- Cyber Security
- Linux
- MacOS
- Python
- Unix
Benefits
- Comprehensive medical insurance, dental insurance, and vision insurance
- Life and disability insurance
- Fertility benefits
- Wellness resources
- Paid sick time
- Generous paid time off and holidays
- Employee Assistance Program (EAP)
- Complimentary Calm app subscription
- Immediate vesting in a 401(k) plan
- Health Savings Account (HSA) and Flexible Spending Account (FSA) options
- Commuter benefits
- Employee discount programs
- Paid maternity leave and paid paternity leave (including for adoptive parents)
- Legal plan options
- Pet insurance coverage