
EDR SME

UST

2 - 5 years

Bengaluru

Posted: 20/12/2025


Job Description

Dear Candidates,


UST is looking for an EDR SME with at least 7 years of experience.


Required Experience : 7+ Years


Notice period: Immediate to 30 days only


Location: Any UST Location.


Interested candidates can share their updated CV to



JD :

We are looking for a highly skilled and motivated L3 EDR Subject Matter Expert (SME) to join our Managed EDR (MEDR) team. The SME will play a key role in managing, optimizing, and evolving enterprise-grade EDR/XDR platforms across multiple client environments. This role demands strong technical expertise, analytical thinking, and a proactive approach to improving platform performance, automation, and service delivery.

Key Responsibilities:

Platform Administration & Optimization

  • Own the administration, configuration, and tuning of EDR/XDR platforms (e.g., Microsoft Defender, Cybereason, SentinelOne, CrowdStrike).
  • Maintain and optimize policies, exclusions, and performance baselines.
  • Conduct regular platform health checks, upgrades, and patch validations.
  • Manage multi-tenant or multi-client environments within SaaS/Hybrid EDR deployments.

Incident Support & Advanced Troubleshooting

  • Serve as the highest escalation point (L3) for complex platform or endpoint issues.
  • Collaborate with SOC teams during critical incidents for technical deep-dive analysis.
  • Perform root cause analysis and provide platform-level remediations.

Automation & Operational Excellence

  • Develop scripts or playbooks (PowerShell, Python, API integrations) to automate repetitive administrative tasks.
  • Identify areas for process improvement to enhance the speed, efficiency, and reliability of the MEDR service.

Service Delivery & Client Support

  • Work closely with client security teams and product owners on change management, onboarding, and continuous improvement.
  • Create and maintain detailed operational documentation, SOPs, and configuration baselines.
  • Provide technical input during service reviews and roadmap discussions.

Security Engineering & Continuous Improvement

  • Contribute to EDR policy enhancements, integration with SIEM/SOAR tools, and telemetry enrichment.
  • Research and test new EDR features, threat detection techniques, and best practices.
  • Mentor L1/L2 analysts and guide them on advanced EDR operations.

Required Skills & Qualifications:

  • Strong hands-on experience with Cybereason, Microsoft Defender for Endpoint, SentinelOne, CrowdStrike, or Cortex XDR (at least two mandatory).
  • Deep understanding of endpoint security architecture, EDR telemetry, and threat hunting workflows.
  • Experience in policy fine-tuning, device group management, automation (PowerShell, Python), and API-based integrations.
  • Knowledge of Windows, macOS, and Linux endpoint internals and troubleshooting.
  • Familiarity with MITRE ATT&CK, incident lifecycle, and EDR-SIEM integrations.
  • Excellent documentation, communication, and cross-functional collaboration skills.
  • Strong analytical and problem-solving skills.
  • Ownership mindset with ability to operate independently.
  • Mentorship and knowledge-sharing orientation.
  • Continuous learner attitude towards emerging EDR and XDR technologies.


Skills


SentinelOne, EDR, CrowdStrike, Cybereason
