
Senior Endpoint Security Engineer

VAYUZ Technologies

5 - 10 years

Noida

Posted: 04/04/2026


Job Description

Responsibilities

Architecture & Strategy

  • Evolve endpoint security architecture leveraging Microsoft Defender suite (Defender for Endpoint, Defender for Cloud, Defender for Identity) and CrowdStrike Falcon.
  • Provide operational support for endpoint detection, response, and prevention capabilities aligned with enterprise security strategy.
  • Establish and enforce security baselines, policies, and standards across all endpoints.
  • Provide architectural guidance for integrations with SIEM, SOAR, and identity platforms.


Engineering & Implementation

  • Deploy, support, and optimize Microsoft Defender and CrowdStrike Falcon sensors across enterprise environments.
  • Lead advanced configuration of:
      • Endpoint Detection & Response (EDR)
      • Attack Surface Reduction (ASR) rules
      • Behavioral analytics and threat intelligence
  • Develop and maintain detection rules, custom indicators, and threat hunting queries.
  • Engineer automation workflows for incident response using our SOAR platform (Torq).


Operations & Optimization

  • Continuously tune detection logic to reduce false positives and improve signal fidelity.
  • Monitor platform health, performance, and coverage across endpoints.
  • Conduct gap analysis and implement improvements in endpoint visibility and protection.
  • Support incident response efforts, including root cause analysis and containment strategies.


Integration & Automation

  • Integrate Defender and CrowdStrike with enterprise tools such as:
      • SIEM (e.g., Microsoft Sentinel, Splunk)
      • SOAR platforms (e.g., Torq, Cortex XSOAR)
      • Identity providers (Azure AD / Entra ID)
  • Build API-based integrations and automation pipelines to streamline security operations.
  • Enable telemetry ingestion into centralized data platforms (e.g., Databricks, Power BI).


Collaboration & Advisory

  • Work closely with Security Operations, Infrastructure, and Cloud teams.
  • Provide technical leadership and mentorship to junior engineers.
  • Act as a subject matter expert for endpoint security technologies.
  • Support vendor evaluations and proof-of-concept initiatives.


Qualifications

  • 5+ years of experience in endpoint security engineering and operational roles.
  • Deep expertise in the following (mandatory skills):
      • Microsoft Defender suite (MDE, MDI, Defender for Cloud)
      • CrowdStrike Falcon platform
  • Strong understanding of EDR, XDR, and Zero Trust frameworks.
  • Experience with threat hunting, the MITRE ATT&CK framework, and incident response.
  • Proficiency in scripting and automation (PowerShell, Python, or similar).


Preferred

  • Experience with Microsoft Sentinel or other SIEM platforms.
  • Familiarity with SOAR platforms (Torq preferred).
  • Knowledge of cloud security (Azure).
  • Experience with data analytics platforms (Databricks, Power BI).
  • Relevant certifications:
      • Microsoft Security certifications (SC-200, SC-300)
      • CrowdStrike certifications (CCFA, CCFR)
