EDR Architect & Penetration Testing Lead (Cybersecurity)
San Jose, CA
Position Summary
We are seeking an experienced EDR Architect & Penetration Testing Lead to design, implement, optimize, and continuously improve our endpoint security strategy while conducting offensive security assessments to identify and validate security risks. This role bridges defensive and offensive security functions, ensuring that our endpoint detection and response capabilities can detect, prevent, and respond to modern threats.
Key Responsibilities
EDR Architecture & Endpoint Security
- Design, deploy, and maintain enterprise-scale EDR solutions.
- Develop endpoint security architecture, standards, and operational procedures.
- Configure and optimize detection rules, alerting logic, threat hunting workflows, and response playbooks.
- Integrate EDR platforms with SIEM, SOAR, vulnerability management, and incident response processes.
- Lead endpoint security assessments and architecture reviews.
- Evaluate and recommend endpoint security technologies and controls.
- Develop endpoint hardening standards across Windows, Linux, and macOS environments.
- Create metrics and reporting to measure EDR effectiveness and coverage.
Penetration Testing & Offensive Security
- Plan and execute internal and external penetration tests.
- Perform network, web application, cloud, and endpoint security assessments.
- Conduct red team exercises and adversary emulation activities.
- Validate security controls through simulated attack scenarios.
- Identify vulnerabilities, misconfigurations, and security gaps.
- Produce detailed technical reports with risk ratings and remediation recommendations.
- Partner with engineering and infrastructure teams to validate remediation efforts.
- Develop attack simulations to test EDR detections and response capabilities.
Threat Detection & Security Engineering
- Create custom detection content and threat-hunting methodologies.
- Map detections and attack simulations to the MITRE ATT&CK framework.
- Analyze emerging threats, attacker techniques, and security trends.
- Support incident response investigations and post-incident reviews.
- Develop automated detection and response workflows where appropriate.
Governance & Leadership
- Define endpoint security strategy and roadmap.
- Provide technical leadership for endpoint security initiatives.
- Mentor junior security analysts and engineers.
- Collaborate with infrastructure, cloud, and application teams on security architecture.
- Present findings and recommendations to technical and executive stakeholders.
Required Qualifications
- 7+ years of cybersecurity experience.
- 3+ years designing and managing enterprise EDR platforms.
- Hands-on penetration testing experience across multiple environments.
- Strong knowledge of:
  - Windows security architecture
  - Linux security
  - Active Directory
  - Cloud security (AWS, Azure, Google Cloud Platform)
  - Network security
  - Incident response
  - Threat hunting
- Experience with one or more EDR platforms such as:
  - CrowdStrike Falcon
  - Microsoft Defender for Endpoint
  - SentinelOne Singularity
  - VMware Carbon Black
- Proficiency in scripting and automation (Python, PowerShell, Bash).
- Strong understanding of attack techniques, malware, and adversary behaviors.
Preferred Qualifications
- Experience conducting red team operations.
- Experience with cloud-native security platforms.
- Knowledge of detection engineering and purple teaming.
- Experience with security automation and SOAR technologies.
Success Metrics
- Improvement in endpoint visibility and detection coverage.
- Reduction in false positives and alert fatigue.
- Successful execution of penetration testing engagements.
- Increased detection rates for simulated attacks.
- Timely remediation of identified security weaknesses.
- Continuous improvement of endpoint security posture and threat detection capabilities.