EDR Specialist - L2

Job Overview:

The EDR Specialist will be responsible for supporting the deployment and operational effectiveness of endpoint security solutions, including EDR/MDR, antivirus, threat hunting, and forensics tools. This role requires close collaboration with the user department and other technical teams to ensure that security measures are in place to detect, respond to, and mitigate cyber threats. The individual will actively participate in security investigations, rule creation, and system fine-tuning, all while adhering to the established processes and compliance frameworks. The resource is expected to have an in-depth understanding of cyberattack methods, vulnerability management, and endpoint security tools, as well as experience in managing security incidents and performing root cause analysis.

Key Responsibilities:

1.Technical Support & Deployment:
Provide on-site support for the implementation and management of EDR/MDR solutions, antivirus, and other endpoint security products.
Ensure the deployment of security products meets the project scope and client requirements.
Support the functioning of EDR tools to detect, investigate, and respond to security alerts and incidents.
2.Investigation & Analysis:
Conduct detailed investigations on security alerts and cyber threats detected through EDR systems.
Perform root cause analysis for incidents and identify vulnerabilities in operating systems, applications, and network devices.
Analyze security logs to detect unauthorized behavior and recommend corrective actions.
3.Rule & Dashboard Creation:
Create new rules, dashboards, and reports within EDR tools to detect emerging threats and reduce false positives.
Review and fine-tune existing correlation rules to improve detection accuracy.
Stay updated on IT security trends and intelligence to enhance security rule sets.
4.Process & Compliance Management:
Review and maintain processes, reports, KPIs, and compliance related to IT security.
Ensure adherence to ITIL processes and best practices.
Develop and maintain knowledge bases and working instructions for IT security operations.
5.Incident Management:
Manage and dispatch security incident tickets and track them through resolution.
Coordinate with other technical teams for incident response and remediation.
Provide real-time analysis and troubleshooting for integrated security devices such as firewalls, EDR, antivirus, and XDR solutions.
6.Cyber Threat Monitoring:
Stay current on the latest cyber-attack methods, vulnerabilities, and threat landscapes.
Participate in threat hunting activities and investigate potential advanced persistent threats (APT) and other security incidents.
Qualifications:

Educational Requirements:
Graduate Engineer in Computer Science/IT/MCA with at least 3 years of relevant experience, or
BCA/B.Sc.-IT/B.Sc. (Computers) with a minimum of 3 years of relevant experience, or
B.Sc./B. Com/Diploma in Computer Science/IT with at least 4 years of experience in supporting and implementing security products.

Experience & Skills:
At least 3-6 years of experience with EDR/MDR solutions and security products like antivirus and endpoint protection.
Proficient in performing detailed investigations on security alerts, threat hunting, and conducting root cause analysis.
Hands-on experience in managing security incidents and tickets, including creating and dispatching them for resolution.
Knowledge of security devices such as firewalls, antivirus, EDR, XDR, and networking.
Understanding of IT security frameworks, trends, and compliance.
Familiarity with ITIL processes and best practices.
Experience with vulnerability assessments and mitigation.
Strong understanding of cybersecurity attacks and threats.

Preferred Competencies:
Ability to stay current on emerging threats and security trends.
Strong analytical and problem-solving skills.
Effective communication and teamwork skills.
Ability to work in a fast-paced environment with shifting priorities.