EDR Engineer I

About The Position

Requirements

• 1+ years in a SOC, Systems Administration, or Cybersecurity role.
• Strong foundational knowledge of Windows operating systems and basic troubleshooting.
• Hands-on experience investigating alerts within an EDR solution and an understanding of how modern sensors collect telemetry.
• A strong ability to analyze security alerts and logs to identify patterns, anomalies, and potential indicators of compromise (IoCs).
• Ability to interpret vendor documentation to troubleshoot agent issues and software conflicts with business-critical applications.
• Excellent technical communication skills with a "customer-first" mindset.

Nice To Haves

• Experience with Google SecOps (Chronicle), SIEM solutions, or RMM tools.
• Foundational security certs (e.g., CompTIA Security+, SC-200, or vendor-specific EDR certs).
• Scripting/automation (PowerShell, Python, Bash) and experience with macOS or Linux devices.
• Threat hunting, identity management, phishing remediation, or EDR deployment/onboarding.

Responsibilities

• Act as an escalation point for the analyst team on EDR-related cases across technologies including CrowdStrike, SentinelOne, Microsoft Defender, Cortex XDR, Cisco Secure Endpoint, and Carbon Black.
• Analyze security incidents, logs, and process trees to distinguish between legitimate activity and potential threats.
• Gather forensic data (process IDs, file hashes, IP addresses) and escalate high-priority incidents to the Tier 3 Engineering team.
• Conduct weekly console checkups to identify "silent" agents, offline hosts, or installation failures to ensure 100% fleet health.
• Assist senior engineers in fine-tuning security policies and configuring exclusions/whitelists to resolve software conflicts without compromising security.
• Troubleshoot broken sensors and coordinate directly with client IT contacts for re-installations and remediation.
• Efficiently sort through low-severity alerts to close or escalate, keeping customer environments organized and actionable.
• Manage incoming EDR-related support tickets, providing rapid response and clear technical communication to both internal teams and non-technical stakeholders.
• Pull weekly fleet health reports to demonstrate security posture and protection levels to our clients.
• Stay current with the MITRE ATT&CK framework and participate in knowledge sharing to improve detection engineering and response workflows.

Benefits

• Robust medical insurance options to keep you and your family healthy.
• Employer-paid Dental coverage
• Employer-paid Short-Term (STD) and Long-Term Disability (LTD).
• 3 weeks of paid vacation, plus additional sick leave and paid company holidays to ensure you have time to recharge.
• Access to world-class training and mentorship.
• Support your career trajectory, whether you’re looking to deepen your technical skills or move into leadership.
• Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.