Senior SOC Engineer (EDR)

Overview

The SOC Senior Engineer (EDR) is a specialized highly skilled and experienced Senior SOC Engineer with deep expertise in Endpoint Detection and Response (EDR) technologies. This role will be responsible for managing, optimizing, and enhancing our EDR capabilities to ensure rapid detection, investigation, and response to endpoint threats across the organization.

Responsibilities

EDR Platform Management:

• Administer and maintain enterprise EDR solutions (e.g., CrowdStrike, Sentinel One, Microsoft Defender for Endpoint).
• Ensure optimal configuration, performance, and coverage across all endpoints.
• Define endpoint telemetry strategies, agent deployment models, and data retention policies.
• Ensure scalability, performance, and resilience of EDR infrastructure across hybrid environments.
  
  

Platform Deployment & Integration

• Lead deployment and configuration of EDR agents across diverse operating systems and environments.
• Integrate EDR with SIEM, SOAR, and threat intelligence platforms to enable automated detection and response.
  
  

Detection Engineering

• Develop and fine-tune custom detection rules, behavioral analytics, and response playbooks.
• Collaborate with threat hunters and incident responders to enhance detection logic and reduce false positives.
  
  

Operational Optimization

• Monitor EDR platform health, performance, and coverage.
• Conduct regular audits, tuning, and upgrades to maintain optimal functionality.
  
  

Incident Response Enablement

• Provide engineering support during endpoint-related security incidents.
• Working with the SOC Analysts to facilitate and effective Monitoring and analysis of EDR alerts to identify malicious activity.
• Align with Incident Responders to facilitate investigations into endpoint-related incidents and coordinate response efforts.
  
  

Documentation & Compliance

• Maintain detailed documentation of EDR architecture, configurations, and operational procedures.
• Ensure alignment with regulatory frameworks and internal security policies.
  
  

Use Case & Rule Development

• Develop and fine-tune detection rules, behavioral analytics, and response playbooks.
• Collaborate with threat intelligence, Incident Response, and SOC Monitoring teams to enhance detection capabilities.
  
  

Automation & Integration

• Integrate EDR with SIEM and SOAR platforms to streamline workflows.
• Automate response actions and containment procedures where applicable.
  
  

Reporting & Documentation

• Generate reports on EDR activity, threat trends, and system health.
• Maintain detailed documentation of configurations, procedures, and incident handling.
  
  

Collaboration & Mentorship

• Work closely with SOC analysts, IT, and security teams to improve endpoint security posture.
  
  

Qualifications

Years of Experience

A minimum of 5 years of experience in SOC operations, with significant experience in EDR Management

Prior experience in a technical role within a SOC or similar cybersecurity environment.

Education

Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

Skills/Certifications

• Vendor certified EDR Engineer.
• Endpoint security concepts such as knowledge of persistence attack methods, malware detection indicators amongst others.
• Technical expertise in one or more of the leading EDR solutions such as Crowd Strike, Microsoft Defender, Sentinel One, Trend Micro etc.
• Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert