InfoSec L2 SOC SME EDR

6 - 10 years

7 - 11 Lacs

Posted: 13 hours ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

POSITION RESPONSIBILITIES

(100%)
  • Partner with onshore security teams to operationalize, maintain, and enhance endpoint detection and response (EDR) capabilities using CrowdStrike.
  • Optimize the performance, reliability, and effectiveness of endpoint detections, response actions, and policy configurations to ensure comprehensive threat coverage.
  • Identify opportunities to improve endpoint visibility and detection by analyzing current workflows, detection logic, and endpoint behaviors.
  • Support continuous tuning of CrowdStrike detection rules, custom IOAs, and event correlation to reduce false positives and improve alert fidelity.
  • Collaborate across Information Security teams (Security Operations, Threat Intelligence, Vulnerability Management, Incident Response) to align on endpoint-focused detection strategies.
  • Monitor effectiveness of EDR detections, prevention policies, and response workflows; provide recommendations for continuous improvement.
  • Assist in the deployment and configuration of CrowdStrike sensors across endpoints, ensuring coverage, policy enforcement, and telemetry ingestion.
  • Provide technical expertise and guidance to onshore and offshore teams to support incident investigations, containment, and root cause analysis tied to endpoint threats.
  • Contribute to the development and maintenance of documentation, playbooks, and standard operating procedures (SOPs) for endpoint monitoring, response, and containment.
  • Stay current with emerging endpoint threats, attacker techniques, and CrowdStrike capabilities to proactively enhance detection and response.

ORGANIZATIONAL RELATIONSHIPS

  • Works closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, and Security Awareness.
  • Collaborates with cross-functional teams (Infrastructure, Application Development, and Cloud Engineering) to ensure seamless integration of security tools.
  • Partners with Identity and Access Management (IAM) teams to implement and maintain secure access controls.
  • Engages with external vendors and service providers to evaluate and integrate third-party security solutions.
  • Coordinates with internal stakeholders to align security initiatives with business and compliance requirements.

EDUCATION AND EXPERIENCE

Education:

  • University Degree in Computer Science or Information Systems is required.
  • MS or advanced security certifications preferred, such as:
    • Certified Information Systems Security Professional (CISSP)
  • Additional certifications highly preferred:
    • Offensive Security Certified Professional (OSCP)
    • GIAC Certified Vulnerability Assessor (GCVA)
    • Certified Ethical Hacker (CEH)

Experience:

  • Minimum 6+ years of experience in security operations, EDR (CrowdStrike), threat intelligence, and security engineering.
  • At least 2+ years in a regulated industry (e.g., pharmaceutical, Animal Health).
  • Experience working with global teams across multiple time zones.
  • Proven ability to work within diverse technical teams.

TECHNICAL SKILLS REQUIREMENTS

  • Strong hands-on expertise with CrowdStrike EDR, SIEM platforms, and threat detection engineering.
  • Proficiency in scripting and automation using Python, PowerShell, or Bash to streamline workflows.
  • Experience with cloud security tools and cloud platforms (AWS, Azure, GCP).
  • Strong grasp of network security concepts including firewalls, IDS/IPS, VPNs, and zero-trust architectures.
  • Familiarity with IAM solutions (Azure AD, Secret Server, SailPoint).
  • Solid understanding of incident response, vulnerability management, and threat lifecycle tools.
  • Knowledge of container security and DevSecOps practices.
  • Strong understanding of encryption, key management, and secure coding best practices.
  • Ability to analyze and interpret security data to identify trends, vulnerabilities, and threats.
  • Familiarity with compliance standards (e.g., GDPR, HIPAA, PCI DSS).
  • Fluent in written and spoken English, with the ability to communicate effectively with both technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS

  • Must be available to work between 1 PM IST and 10 PM IST, with a minimum 3-hour overlap with US Eastern Time.

Zoetis

Pharmaceutical Manufacturing

Parsippany NJ
