IT - Consultant | Infrastructure Security | ...
SysMind Tech - Richardson, TX
Job Description
POC: Raju

Job Details:
Job title: CrowdStrike EDR SME - Sr. Architect level role
Work Location with Zip code: Richardson, TX 75082
Duration of the project: 6 Months
• This role requires any travel (Yes/No): NO
• Please confirm if this would be onsite from day one OR initial remote for 2-3 months and then expect the candidate to work from the office OR 100% Remote: Remote
• Is this a 100% remote role? Yes
• Vendor rate range: market rate
• Minimum years of experience required: 10+ Years
• Would you require the candidates to meet you for an in-person interview?: Video/Virtual Interview
• Education Qualification required: BE

CrowdStrike EDR SME

CrowdStrike EDR Admin tasks:
1. CrowdStrike EDR Administration: Custom IOAs, sensor upgrades, policy management, and Endpoint Security / IDP module ownership.
2. Detection Engineering: Migrate low-fidelity Windows Event Log detections to high-fidelity CrowdStrike IOA and Splunk use cases.
3. Incident Response & Threat Management: Endpoint investigation, containment, remediation, and IOC lifecycle management.
4. Integrations & Automation: Splunk and SOAR integrations with automated triage and response workflows.

Project: CrowdStrike EDR Optimization
1. Evaluate existing CrowdStrike EDR detection rules and enhance them for improved coverage, leveraging Splunk telemetry to validate effectiveness.
2. Replace low-fidelity Windows Event Log based detections with detection rules built on Custom CrowdStrike IOAs.
3. Develop and formalize a comprehensive CrowdStrike operational framework and process model to strengthen EDR governance, tuning, and lifecycle management.
4. Analyze CrowdStrike telemetry and provide recommendations for optimizing Splunk log ingestion, with a focus on reducing redundant or low-value events.

Key Responsibilities

1. EDR & CrowdStrike Administration
a) Designed, implemented, and maintained Custom Indicator of Attack (IOA) rules to detect advanced adversary techniques aligned with MITRE ATT&CK.
b) Managed the CrowdStrike Falcon sensor lifecycle, including agent upgrades, version validation, health monitoring, and deployment troubleshooting.
c) Administered and optimized CrowdStrike modules including:
   • Endpoint Security (EPP)
   • Identity Protection (IDP)
   • Threat Intelligence & Prevention Policies
d) Performed sensor policy configuration and updates across environments (Prod / Non-Prod) with controlled rollout and impact analysis.

2. Detection Engineering & Use Case Development
a) Migrated low-fidelity Windows Event Log-based detections (e.g., scheduled tasks, registry persistence, PowerShell abuse) into high-fidelity CrowdStrike IOA-based detections.
b) Built and maintained Splunk detection use cases leveraging CrowdStrike telemetry, Windows logs, and endpoint signals.
c) Tuned detections to reduce false positives while maintaining strong coverage for persistence, execution, lateral movement, and privilege escalation techniques.

3. Incident Response & Containment
a) Conducted endpoint investigations using the CrowdStrike Falcon console (process trees, command-line analysis, file activity).
b) Executed response and containment actions, including host containment, process termination, file quarantine, and Real Time Response (RTR).
c) Supported SOC and IR teams during active incidents with endpoint-level forensic analysis.

4. IOC & Threat Intelligence Management
a) Managed IOC ingestion, validation, and lifecycle (hashes, IPs, domains) within CrowdStrike and integrated platforms.
b) Correlated IOCs with endpoint telemetry and external threat intelligence feeds to enhance detection coverage.
c) Ensured IOC policies were properly scoped to avoid operational impact.

5. SOAR, Integrations & Automation
a) Collaborated on SOAR playbook design and execution for automated alert triage, enrichment, and response.
b) Integrated CrowdStrike with Splunk SIEM, SOAR platforms, and other security tools for end-to-end visibility.
c) Automated response workflows for common attack scenarios (malware, suspicious PowerShell, persistence techniques).

Skills & Tools:
1. EDR Platforms: CrowdStrike Falcon (EPP, IDP, IOA, RTR), Cisco AMP
2. SIEM & SOAR: Splunk use cases (ES), SOAR platforms (playbook understanding and tuning)
3. Detection Engineering: Windows internals, command-line analysis, persistence mechanisms
4. Frameworks: MITRE ATT&CK
5. Response: Endpoint containment, remediation, and investigation

Soft Skills:
1. Strong analytical and problem-solving skills.
2. Excellent communication and documentation abilities.
3. Ability to work independently and as part of a team.
Created: 2026-03-04