Description:
Key Responsibilities:
1. Implementation & Deployment:
- Design, configure, and deploy Microsoft Defender for Endpoint (MDE) on Linux and other operating systems.
- Integrate Defender EDR with SIEM/SOAR solutions (e.g., Microsoft Sentinel, Splunk, QRadar).
- Ensure successful agent installation, testing and validation, configuration, and troubleshooting across Linux-based endpoints.
- Optimize Defender EDR policies and settings for threat prevention and detection.
2. Security Operations & Threat Detection:
- Monitor, analyse, and investigate security events and alerts generated by Defender EDR.
- Conduct forensic analysis on Linux systems during security incidents.
- Fine-tune Defender EDR rules and detections to minimize false positives and improve response capabilities.
- Work closely with the SOC team to enhance threat hunting and incident response.
3. Integration & Automation:
- Integrate Defender EDR with cloud security solutions (e.g., Azure Security Center, AWS Security Hub).
- Develop and implement automation scripts (Bash, Python, PowerShell) to streamline security operations.
- Assist in compliance reporting and ensure adherence to industry security standards (e.g., ISO 27001, NIST, CIS Benchmarks).
4. Troubleshooting & Support:
- Diagnose and resolve Linux endpoint security issues related to Defender EDR.
- Collaborate with Microsoft support and internal IT teams for advanced troubleshooting.
- Provide technical documentation and user training on Defender EDR deployment and best practices.
Required Skills & Qualifications:
- Strong experience with Linux systems (Ubuntu, RHEL, CentOS, Debian, etc.).
- Hands-on experience with Microsoft Defender for Endpoint (MDE) deployment and management.
- Proficiency in endpoint security tools, EDR, and XDR solutions.
- Knowledge of threat intelligence, malware analysis, and intrusion detection.
- Experience with SIEM/SOAR integration (Microsoft Sentinel, Splunk, etc.).
- Familiarity with network security principles and log analysis.
- Proficiency in Bash scripting, Python, or PowerShell.
- Experience in automating EDR deployment, monitoring, and security operations.
- Understanding of security frameworks like MITRE ATT&CK, NIST, CIS Benchmarks.
- Knowledge of incident response processes and threat hunting methodologies.
- Strong problem-solving and troubleshooting abilities.
- Excellent communication skills for collaboration with security teams.
- Ability to work in a fast-paced, security-driven environment.
Preferred Qualifications:
- Microsoft Security Certifications (e.g., SC-200: Microsoft Security Operations Analyst).
- Linux certifications (RHCE, LFCS, LPIC-1/2).
- Cloud security experience with Azure, AWS, or Google Cloud.