Senior Analyst @ Inspira Enterprise

Maintain and support enterprise XDR platform (Cortex XDR)
Deploy, configure, and update EDR agents across various OS platforms (Windows, Linux, macOS).
Ensure agent health, coverage, and telemetry across all endpoints.
Troubleshoot platform-related issues and escalate unresolved problems to L3/vendor as needed.
Monitor platform health, license utilization, and update compliance.
Create and maintain detection and prevention policies, exclusion lists, and custom rules.
Optimize EDR policies to reduce false positives without compromising security.
Work with incident response and SOC teams to enhance detection capabilities.
Assist in the triage and response to endpoint-related incidents
Provide context and logs from EDR and perform investigations and root cause analysis.
Integrate EDR solutions with SIEM, SOAR, and ITSM tools for alert forwarding and automation.
Support EDR-related scripts and automation efforts (PowerShell, Python, etc.).
Participate in patching and upgrade activities for EDR console and agents.
Maintain updated documentation on configurations, SOPs, and operational playbooks.
Ensure endpoint policies comply with internal security standards and industry regulations.
Conduct proactive threat hunting across enterprise endpoints using EDR tools and telemetry.
Leverage behavioral analytics and threat intelligence to uncover stealthy threats and anomalies.
Identify gaps in endpoint telemetry and recommend improvements to detection logic or data collection.
Investigate EDR alerts and security incidents to determine root cause, impact, and mitigation steps.
Perform endpoint triage including memory, disk, and process analysis using EDR tools.
Escalate complex incidents to L3 or IR teams with detailed analysis and context.
Collaborate in containment, eradication, and recovery efforts during active incidents.