Taxwell is a digital tax filing platform formed from the combination of Drake Software and TaxAct. They are seeking a Senior Endpoint Detection & Response (EDR) Security Engineer to protect endpoints through proactive threat detection and investigation and through continuous improvement of the EDR platform.
Responsibilities:
- Administer, configure, maintain, and optimize the enterprise EDR platform
- Investigate endpoint alerts and perform in-depth threat analysis and root cause investigations
- Perform proactive threat hunting across endpoints using EDR telemetry and KQL where applicable
- Develop, tune, and optimize detection rules to reduce false positives and improve detection quality
- Analyze endpoint logs, process activity, network connections, authentication events, and behavioral indicators
- Respond to security incidents through containment, remediation, and recovery activities
- Identify endpoint security gaps and recommend improvements before incidents occur
- Automate repetitive security tasks using PowerShell, Python, or similar scripting languages
- Collaborate with SOC analysts and other security teams during investigations and incident response
- Document investigation findings in reports, playbooks, and operational procedures
Requirements:
- 5+ years of experience in cybersecurity with significant hands-on EDR administration or engineering experience
- Deep expertise with at least one enterprise EDR platform: Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, Carbon Black, Cortex XDR, or similar
- Experience performing endpoint threat investigations, alert analysis, threat hunting, and root cause analysis
- Strong understanding of endpoint telemetry, malware behavior, attack techniques, and MITRE ATT&CK
- Experience creating and tuning detections and reducing false positives
- Experience using Kusto Query Language (KQL), especially for advanced hunting in Microsoft Defender XDR or a similar query-driven EDR platform
- Experience with PowerShell and/or Python automation
- Strong analytical, troubleshooting, and communication skills
- Experience with Microsoft security ecosystem (Entra ID, Intune, Sentinel, Purview)
- Experience with Microsoft Graph API for security automation
- Experience integrating EDR with SIEM platforms
- Relevant certifications (GCFA, GCIH, GCED, CISSP, Microsoft Security certifications)