Security Incident Response Engineer - EDR

About Acrisure  

A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, we connect clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services – and more.  

In the last eleven years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19,000 colleagues in more than 20 countries. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win. 

Job Summary:  

The Security Incident Response Engineer – EDR will support the organization’s security operations with a focus on endpoint detection and response (EDR) management and incident response activities. To succeed in this role, the candidate must be adept at coordinating and triaging security incidents, responding promptly and effectively to threats, and managing EDR toolsets at scale. The engineer will proactively monitor, analyze, and resolve security incidents involving endpoints, requiring high attention to detail and the ability to balance multiple urgent tasks. Key to this position is being a self-starter, consistently prioritizing critical tasks, and maintaining strong commitment to operational excellence. 

Responsibilities: 

• Incident Response

• Detect, analyze, and respond to security incidents detected by EDR, SIEM, and Cloud Security tooling as well as MDR service providers. 

• Lead or participate in investigation and containment efforts for both endpoint and identity related security threats. 

• Develop and implement strategies to remove the root cause of the incident. 

• Conduct forensic data acquisition, log analysis, and root cause determination for endpoint incidents. 

• Develop and maintain incident response playbooks and runbooks specific to EDR technologies. 

• Analyze security alerts and anomalies to determine if they represent actual security incidents.  

• EDR Deployment and Configuration 

• Oversee deployment, configuration, and ongoing management of EDR on endpoints for comprehensive coverage. 

• Monitor and tune alerting rules/policies to reduce false positives and ensure accurate threat detection. 

• Maintain compliance measures by enforcing configuration to organizational standards. 

• Provide training on EDR usage to incident response teams and end-users.  

• Review security alerts, correlate event data, and identify risks to endpoints. 

• Maintain integration of EDR tools with SIEM and other security solutions. 

• Regularly review and update endpoint security policies based on threat intelligence and incident learnings.  

Requirements 

• Technical Skills 

• Proficiency with leading Endpoint Detection and Response platforms (SentinelOne, Microsoft Defender, CrowdStrike, or other toolsets). 

• Strong experience with incident response, digital forensics, and threat hunting on endpoints. 

• Knowledge of endpoint operating systems (Windows, macOS, and Linux). 

• Experience with scripting (PowerShell, Python, or Bash) for automation and log parsing. 

• Professional Skills 

• Excellent analytical and problem-solving skills; ability to work in high-pressure situations. 

• Effective verbal and written communication abilities. 

• Detail-oriented with strong organizational skills and the ability to handle multiple priorities. 

• Ability to work independently and within a collaborative, team-oriented environment. 

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related discipline (or equivalent experience). 

• Minimum 3 years of progressive information security experience. 

• At least 1-3 years focused on incident response, including hands-on EDR work. 

• Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management.  

• Experience with Microsoft M365 security including Entra ID, Microsoft Defender for M365, and other toolsets is a plus. 

• Relevant certifications (one or more preferred): GCFA, GCIH, CHFI, CySA+, or similar. 

Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.  

Benefits and Perks: 

• Competitive compensation 

• Flexible vacation policy, paid holidays, and paid sick time  

• Medical Insurance, Dental Insurance, and Vision Insurance (employee-paid) 

• Company-paid Short-Term and Long-Term Disability Insurance 

• Company-paid Group Life insurance 

• Company-paid Employee Assistance Program (EAP) and Calm App subscription 

• Employee-paid Pet Insurance and optional supplemental insurance coverage 

• Vested 401(k) with company match and financial wellness programs 

• Flexible Spending Account (FSA), Health Savings Account (HSA) and commuter benefits options 

• Paid maternity leave, paid paternity leave, and fertility benefits 

• Career growth and learning opportunities 

• …and so much more! 

Not reflective of all benefits. Enrollment waiting periods or eligibility criteria may apply to certain benefits. Benefit details and offerings may vary for subsidiary entities or in specific geographic locations

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York. 

​Welcome, your new opportunity awaits you. 

#LI-Onsite

#LI-RM

Pay Details 

Annual Salary: : $130,000 - $140,000

Acrisure is committed to employing a diverse workforce. All applicants will be considered for employment without attention to race, color, religion, age, sex, sexual orientation, gender identity, national origin, veteran, or disability status.  California residents can learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy available at www.Acrisure.com/privacy/caapplicant.
 

To Executive Search Firms & Staffing Agencies: Acrisure does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered Acrisure’s property, and Acrisure will not be obligated to pay a referral fee. This includes resumes submitted directly to Hiring Managers without contacting Acrisure’s Human Resources Talent Department.