Job Description

Project Role :

Security Architect

Project Role Description :

Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills :

Endpoint Extended Detection and Response

Good to have skills :

NA

Minimum

5

year(s) of experience is required

Educational Qualification :

15 years full time education



Summary: The CTEMaaS (Continuous Threat Exposure Management as a Service) Threat Management Specialist is responsible for leveraging CrowdStrike Falcon and associated modules to continuously identify, assess, prioritize, and drive remediation of cyber threats and exposures. This role ensures that vulnerabilities, misconfigurations, identity risks, and endpoint threats are managed proactively with a risk-based approach aligned to the organization's security strategy Roles & Responsibilities: -Drive the end-to-end Continuous Threat Exposure Management (CTEM) cycle: -Scoping Discovery Prioritization Validation Mobilization. -Continuously monitor the environment using CrowdStrike modules (e.g., Spotlight, Intel, Falcon Prevent, Falcon Discover, Identity Protection). -Identify exposures across endpoints, identities, cloud workloads, applications, and configurations. -Perform risk-based prioritization using threat intel, exploitability, business criticality, and CrowdStrike scoring -Analyze vulnerabilities, misconfigurations, privilege misuse, lateral movement risks, and identity exposures. -Utilize CrowdStrike Spotlight for vulnerability analytics and patch risk visibility. -Use CrowdStrike Identity Protection to assess identity-based attack paths, credential misuse, and AD exposure. -Correlate EDR alerts with exposure findings to determine active exploitation indicators. -Validate identified exposures by replicating attack scenarios using: - CrowdStrike indicators, threat intel, and MITRE ATT&CK alignment - Manual validation techniques where relevant - Work with threat intel teams to contextualize exposure significance based on current adversary trends. - Work closely with Infra, Cloud, Network, and Application teams to mobilize remediation plans. - Define prioritized action plans, compensating controls, and mitigation strategies. - Track and report remediation progress as per SLAs and risk tiers. - Provide guidance on patching, hardening, identity hygiene, and endpoint security improvements. - Build and maintain CTEM dashboards using Falcon console, ServiceNow, Splunk, or PowerBI. - Provide weekly/monthly threat exposure reports and executive summaries. - Present CTEM insights, remediation progress, and top risks to leadership and stakeholders. - Continuously enhance CTEMaaS operational processes based on maturity, tool capability, and threat landscape. - Recommend configuration optimizations within CrowdStrike (policies, exclusions, detections). - Participate in automation initiatives using APIs, scripting, or integration with SOAR/SIEM. Professional & Technical Skills: - CVE/CVSS scoring, exploitability, threat intel - MITRE ATT&CK mapping - AD/Identity security and endpoint security baselines - Experience working with remediation teams across infra, network, cloud, and applications. - Strong knowledge of OS hardening, patching cycles, endpoint security, and identity attack paths. - Security certifications: CrowdStrike CCSF / CCFA / CCFH, Security+, CEH, GCIA, GCIH. - Experience with CTEM frameworks (Gartner CTEM model, NIST CSF, ISO 27001). - Experience with automation using API, Python, PowerShell, or SOAR. - Knowledge of cloud security (Azure, AWS, GCP) and container exposures. Additional Information: - The candidate should have minimum 8 years of experience in Endpoint Extended Detection and Response. - This position is based at our Bengaluru office. - A 15 years full time education is required.




15 years full time education