UST
Website:
ust.com
Job details:
Role Description
Role Summary
We are looking for an experienced EDR Specialist with strong hands-on expertise in EDR/XDR platform administration and operations across multiple tools such as CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint (MDE), Palo Alto Cortex XDR, and Kaspersky. The role focuses on platform management, operational excellence, and enabling SOC teams to effectively detect, investigate, and respond to threats.
Key Responsibilities
EDR/XDR Platform Administration (80%)
- Administer and manage EDR/XDR platforms such as CrowdStrike (this is a must have), SentinelOne, Defender for Endpoint, Cortex XDR, and Kaspersky
- Manage full agent lifecycle including deployment, upgrades, troubleshooting, and decommissioning
- Perform proactive threat hunting
- Build custom detection rules that improve on the platform's out-of-the-box detections for the customer
- Configure endpoint security policies, exclusions, prevention controls, and response actions
- Administer the identity, device and firewall modules of the EDR platform
- Manage RBAC, user access, device groups, tags, and organizational structure
- Perform continuous health monitoring of agents and platforms to ensure optimal coverage and performance
Operational & Incident Support
- Execute remote response actions such as host isolation, process termination, and file quarantine
- Coordinate with IT and endpoint teams for remediation and recovery activities
- Maintain incident documentation, evidence, and audit trails
Integrations & Ecosystem Management
- Integrate EDR/XDR platforms with SIEM and SOAR solutions
- Maintain and troubleshoot APIs, connectors, and data ingestion pipelines
- Collaborate with identity, email security, and vulnerability management teams
Compliance, Reporting & Governance
- Develop and maintain coverage, health, and compliance reports
- Support audits by providing configuration evidence and operational documentation
- Ensure adherence to organizational security and compliance standards
Required Skills & Experience
- Hands-on experience as an EDR/XDR Administrator in enterprise environments
- Strong experience with at least two EDR tools: CrowdStrike (this is a must), SentinelOne, MDE, Cortex XDR, or Kaspersky
- Good understanding of endpoint operating systems: Windows, Linux, and macOS
- Experience with SIEM integrations and SOC operational workflows
- Strong troubleshooting, documentation, and communication skills
Nice-to-Have Skills
- Scripting experience with PowerShell or Python
- Familiarity with MITRE ATT&CK framework
- Experience with cloud workload protection or XDR modules
- Relevant security certifications (Microsoft, CrowdStrike, SentinelOne, Palo Alto)
- Experience with any of the leading DLP solutions
Skills
endpoint detection and response, endpoint security, incident response, MITRE ATT&CK