Security Specialist - EDR - Mumbai

Maharashtra, Mumbai, India


Job Title: Endpoint MSS L2
Reports To: MSS Team Lead
Job Location: Kandivali, Mumbai
Job Type: Full-Time

Job Summary
The Endpoint MSS L2 is responsible for advanced endpoint security analysis, incident response, and proactive threat hunting within the managed security services (MSS) environment. The role involves deep-dive investigations, managing complex incidents, and mentoring L1 analysts. An L2 Analyst ensures endpoint security tools are effectively utilized to detect, respond to, and prevent endpoint threats, aligning with organizational security objectives.

Tools: EDR, mailing gateway, DLP, VPN, proxy setup; network security tools: firewall, IPS, WAF

Key Responsibilities
Incident Response
  • Lead the investigation and remediation of complex security incidents involving endpoints, proxy, DLP, VPN, and the mailing gateway.
  • Perform root cause analysis of advanced threats and recommend containment and recovery measures.
  • Collaborate with IT and SOC teams to resolve escalated incidents from L1 analysts.
Threat Hunting and Analysis
  • Conduct proactive threat hunting using Endpoint Detection and Response (EDR) tools like SentinelOne, CrowdStrike, or similar solutions.
  • Analyze malware behavior, including static and dynamic analysis.
Endpoint Security Operations
  • Ensure optimal configuration of endpoint security tools (EDR, DLP, mailing gateway) to enhance detection capabilities.
  • Review and fine-tune policies and rules within endpoint security platforms.
  • Coordinate with vendors for troubleshooting or enhancement of endpoint security solutions.
Documentation and Reporting
  • Document detailed findings, actions taken, and lessons learned for each incident.
  • Prepare periodic security reports and contribute to compliance audits.
  • Maintain and update incident response playbooks and standard operating procedures (SOPs).
Mentorship and Knowledge Sharing
  • Guide and mentor L1 analysts to enhance their skills and understanding of endpoint security.
  • Provide training sessions or knowledge-sharing workshops on endpoint security best practices.
Collaboration and Coordination
  • Work closely with SOC, threat intelligence, and vulnerability management teams to improve overall security posture.
  • Escalate unresolved or critical incidents to L3 or security engineering teams.
Required Qualifications
Education
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Certifications (Preferred)
  • CEH (Certified Ethical Hacker), CCNA, EDR-focused certifications (e.g., Certified SentinelOne Analyst, CrowdStrike Certified Expert), GIAC Certified Incident Handler (GCIH), or equivalent.
Technical Skills
  • Strong knowledge of endpoint security tools and EDR platforms like SentinelOne, CrowdStrike, Carbon Black, etc.
  • Hands-on experience with malware analysis, reverse engineering, and threat hunting techniques.
  • Proficiency in scripting (e.g., Python, PowerShell) for automating tasks.
  • Familiarity with MITRE ATT&CK Framework and its application in threat detection.
  • Experience analyzing logs and alerts using SIEM platforms.
Soft Skills
  • Excellent problem-solving and critical-thinking abilities.
  • Strong communication and teamwork skills, with the ability to articulate technical details to non-technical stakeholders.
  • Proactive and detail-oriented with a focus on continuous improvement.
Preferred Experience
  • 3-5 years of experience in endpoint security, incident response, or SOC roles.
  • Hands-on experience in MSS or similar managed service environments.
Work Schedule
  • Mostly weekdays, with occasional weekend support required.


Region: Asia/Pacific
Country: India
