Security Architect

KA, IN, India

Job Description

Project Role :

Security Architect

Project Role Description :

Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.


Must have skills :

Endpoint Extended Detection and Response

Good to have skills :

NA

Minimum 5 year(s) of experience is required

Educational Qualification :

15 years full time education



Summary:

We are seeking a Lead EDR Engineer with expertise in Microsoft Defender for Endpoint (MDE) to lead its implementation, administration, and incident response. As the MDE expert, you will manage enterprise-wide deployment, optimize configurations, guide incident response efforts, and drive endpoint security strategy in collaboration with cross-functional teams. You will lead EDR strategy design, mentor security teams, and drive defense against advanced threats using MITRE ATT&CK-aligned frameworks.

Roles & Responsibilities:

- Lead deployment and configuration of Microsoft Defender for Endpoint across all supported platforms.
- Customize and manage endpoint security policies, attack surface reduction rules, and threat protection settings.
- Monitor security alerts and endpoint telemetry to detect and analyze threats.
- Conduct investigations using Microsoft 365 Defender and advanced hunting (KQL) capabilities.
- Respond to incidents by initiating remediation actions (e.g., isolate endpoints, remove malware, collect forensic data/artifacts).
- Collaborate with the SOC to provide timely incident resolution and root cause analysis.
- Tune detection rules and policies to reduce false positives and enhance protection.
- Maintain up-to-date documentation, playbooks, and response procedures.
- Provide recommendations to improve the organization's endpoint security posture.
- Mentor junior analysts and engineers on best practices for MDE and incident response workflows.
- Provide executive-level reporting on threat trends, incident metrics, and risk posture.
- Perform gap analysis on endpoint security to identify and address areas of improvement.
- Build and maintain SOAR playbooks to auto-contain threats (e.g., isolate devices, revoke tokens).
- Stay current on emerging threats and align defense strategies with frameworks like MITRE ATT&CK.

Professional & Technical Skills:

- 6-8+ years of experience in MDE/EDR implementations and security operations.
- Strong background in SOAR automation (Microsoft Logic Apps).
- Deep technical knowledge of endpoint protection, threat detection, and incident response workflows.
- Proficiency in the Microsoft security stack: M365 Defender, Intune, Azure AD, and Sentinel.
- Strong command of KQL for custom detections and threat hunting.
- Experience with scripting (PowerShell), automation, and EDR tooling integrations is a plus.
- Experience with Halcyon and CrowdStrike EDR is a plus and considered an added advantage.
- Preferred certifications: SC-200: Microsoft Security Operations Analyst, SC-100: Microsoft Cybersecurity Architect, AZ-500: Microsoft Azure Security Technologies, MITRE ATT&CK Defender (MAD) certs, CISSP, CEH, or equivalent industry certifications.

Additional Information:

- The candidate should have a minimum of 5 years of experience in Endpoint Extended Detection and Response.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.






Job Detail

  • Job Id
    JD3802573
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    KA, IN, India
  • Education
    Not mentioned
  • Experience
    Year