Role description
Role: EDR Specialist (Multi-Platform EDR/XDR)
Experience: 3–6 Years | Full-Time
Role Summary
We are seeking an experienced EDR Specialist with strong hands-on expertise in managing and operating multi-vendor EDR/XDR platforms. The role focuses on platform administration, operational excellence, and enabling SOC teams to effectively detect, investigate, and respond to advanced threats across enterprise environments.
The candidate should have hands-on exposure to tools such as Trellix AV, CrowdStrike, SentinelOne and Microsoft Defender for Endpoint (MDE).
Key Responsibilities
1. EDR/XDR Platform Administration (Primary – ~70–80%)
- Administer and manage EDR platforms including Trellix AV, CrowdStrike, SentinelOne and Microsoft Defender for Endpoint (MDE).
- Manage the full endpoint agent lifecycle: deployment, upgrades, troubleshooting, and decommissioning.
- Configure endpoint security policies, exclusions, prevention controls, and response mechanisms.
- Perform proactive threat hunting using advanced detection techniques.
- Build and tune custom detection rules to enhance out-of-the-box capabilities.
- Manage RBAC, user access, device grouping, tagging, and organizational hierarchy.
- Perform continuous agent health monitoring and ensure optimal endpoint coverage.
- Fine-tune alerts to reduce false positives and minimize alert fatigue.
2. Trellix EDR-Specific Responsibilities
- Administer and support the Trellix AV / ePO server and Agent Handlers.
3. Operational & Incident Support
- Execute response actions such as host isolation, process termination, and file quarantine.
- Handle P1/P2 incident escalations and provide 24x7 operational support where required.
- Coordinate with IT, endpoint, and infrastructure teams for remediation activities.
- Maintain incident documentation, evidence handling, and audit trails.
4. Reporting, Governance & Stakeholder Management
- Develop executive and operational reports (daily/weekly/monthly).
- Present insights and recommendations to stakeholders and customers.
- Support audits with configuration evidence and operational documentation.
Required Skills & Experience
- 3–6 years of hands-on experience in EDR/XDR platform administration.
- Strong expertise in at least two of the following tools: Trellix AV (mandatory), CrowdStrike, SentinelOne, MDE.
- Experience in agent deployment, troubleshooting, and platform tuning.
- Strong knowledge of endpoint operating systems: Windows, Linux, macOS.
- Experience with SIEM/SOC workflows and integrations.
- Strong troubleshooting, communication, and stakeholder management skills.
Skills
Endpoint detection and response, Splunk, extended detection and response, incident response
About UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.