Key Responsibilities
- Endpoint Protection: Deploy, configure, and maintain EDR/XDR solutions (e.g., CrowdStrike, Microsoft Defender, SentinelOne) across Windows, macOS, and Linux endpoints.
- Server Hardening: Implement and enforce security baselines on physical and virtual servers (Windows Server, RHEL, Ubuntu), including vulnerability remediation and patch management.
- Threat Detection & Response: Monitor alerts, conduct triage, and lead investigations for endpoint- and server-based incidents; collaborate with SOC analysts to contain and remediate threats.
- Security Tool Management: Oversee lifecycle management of antivirus, antimalware, EDR/XDR, and host-based firewalls; integrate tools with SIEM and orchestration platforms.
- Policy & Process Development: Define and document standard operating procedures, security policies, and response playbooks for infrastructure protection.
- Automation & Reporting: Build automation scripts (PowerShell, Bash, Python) for patch deployment, remediation workflows, and routine health checks; generate regular reports on security posture and compliance metrics.
- Collaboration & Training: Partner with cross-functional teams to embed security best practices into system architecture and day-to-day operations; deliver training sessions and knowledge-sharing workshops.
Qualifications & Skills
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 5+ years' hands-on experience with endpoint protection and server hardening in enterprise environments.
- Strong expertise in at least one EDR/XDR platform (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne).
- Solid understanding of server operating systems (Windows Server, RHEL, Ubuntu) and configuration management tools (Ansible, Puppet, SCCM).
- Proficiency in scripting (PowerShell, Bash, or Python) for automation tasks.
- Familiarity with vulnerability assessment tools (e.g., Nessus, Qualys) and patch management processes.
- Experience integrating security tools with SIEM (Splunk, QRadar, Azure Sentinel) is highly desirable.
- Excellent problem-solving skills, attention to detail, and the ability to communicate technical concepts to non-technical stakeholders.
EA Licence No: 11C5502 | EAP Registration No: R1106192
