Senior Endpoint Security Engineer
VAYUZ Technologies
About the role
Responsibilities
Architecture & Strategy
• Evolve endpoint security architecture leveraging the Microsoft Defender suite (Defender for Endpoint, Defender for Cloud, Defender for Identity) and CrowdStrike Falcon.
• Provide operational support for endpoint detection, response, and prevention capabilities aligned with enterprise security strategy.
• Establish and enforce security baselines, policies, and standards across all endpoints.
• Provide architectural guidance for integrations with SIEM, SOAR, and identity platforms.
Engineering & Implementation
• Deploy, support, and optimize Microsoft Defender and CrowdStrike Falcon sensors across enterprise environments.
• Lead advanced configuration of:
  • Endpoint Detection & Response (EDR)
  • Attack Surface Reduction (ASR) rules
  • Behavioral analytics and threat intelligence
• Develop and maintain detection rules, custom indicators, and threat hunting queries.
• Engineer automation workflows for incident response using our SOAR platform (Torq).
Operations & Optimization
• Continuously tune detection logic to reduce false positives and improve signal fidelity.
• Monitor platform health, performance, and coverage across endpoints.
• Conduct gap analysis and implement improvements in endpoint visibility and protection.
• Support incident response efforts, including root cause analysis and containment strategies.
Integration & Automation
• Integrate Defender and CrowdStrike with enterprise tools such as:
  • SIEM (e.g., Microsoft Sentinel, Splunk)
  • SOAR platforms (e.g., Torq, Cortex XSOAR)
  • Identity providers (Azure AD / Entra ID)
• Build API-based integrations and automation pipelines to streamline security operations.
• Enable telemetry ingestion into centralized data platforms (e.g., Databricks, Power BI).
Collaboration & Advisory
• Work closely with Security Operations, Infrastructure, and Cloud teams.
• Provide technical leadership and mentorship to junior engineers.
• Act as a subject matter expert for endpoint security technologies.
• Support vendor evaluations and proof-of-concept initiatives.
Qualifications:
• 5+ years of experience in endpoint security engineering and operational roles.
• Deep expertise in the following (mandatory skills):
  • Microsoft Defender suite (MDE, MDI, Defender for Cloud)
  • CrowdStrike Falcon platform
• Strong understanding of EDR, XDR, and Zero Trust frameworks.
• Experience with threat hunting, MITRE ATT&CK framework, and incident response.
• Proficiency in scripting and automation (PowerShell, Python, or similar).
Preferred:
• Experience with Microsoft Sentinel or other SIEM platforms.
• Familiarity with SOAR platforms (Torq preferred).
• Knowledge of cloud security (Azure).
• Experience with data analytics platforms (Databricks, Power BI).
• Relevant certifications:
  • Microsoft Security certifications (SC-200, SC-300)
  • CrowdStrike certifications (CCFA, CCFR)