Senior Security Engineer

Position Summary

The Senior Security Engineer is responsible for monitoring, investigating, and responding to cybersecurity threats across the enterprise environment. This role leads complex security investigations, performs proactive threat hunting, and helps improve detection capabilities across endpoint, identity, and data security platforms. The position leverages technologies including CrowdStrike Falcon, Cyberhaven Data Detection and Response (DDR), and the Microsoft security ecosystem to protect organizational systems and sensitive data.

Key Responsibilities

• Monitor and investigate security alerts using CrowdStrike Falcon, Cyberhaven, and Microsoft security tools.
• Lead investigations of security incidents, including malware infections, account compromise, and potential data exfiltration.
• Conduct proactive threat hunting across endpoints, identities, and data activity.
• Utilize Microsoft Defender for Endpoint, Defender for Identity, Microsoft 365 Defender, Azure AD / Entra ID, and Microsoft Sentinel for security monitoring and analysis.
• Investigate endpoint telemetry and suspicious behavior through CrowdStrike Falcon EDR/XDR.
• Monitor and analyze sensitive data movement using Cyberhaven DDR.
• Develop detection logic, improve alert tuning, and assist in strengthening SOC processes.
• Mentor junior analysts and serve as an escalation point for complex investigations.

Required Qualifications

• 5+ years of experience in cybersecurity operations, incident response, or threat detection.
• Hands-on experience with CrowdStrike Falcon EDR/XDR.
• Experience with Cyberhaven Data Detection and Response (DDR) or similar data security platforms.
• Experience working with Microsoft security technologies, including:
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft 365 Defender
• Azure AD / Entra ID
• Microsoft Sentinel
• Strong understanding of:
• Incident response and threat investigation
• Endpoint detection and response (EDR)
• Threat hunting methodologies
• MITRE ATT&CK framework

Preferred Qualifications

• Experience with PowerShell, KQL, or Python.
• Experience investigating ransomware, insider threats, or advanced persistent threats (APT).
• Relevant certifications such as GCIH, GCIA, CISSP, Security+, or CrowdStrike Falcon certifications.