What are the responsibilities and job description for the EDR Engineer I position at Foresite Cybersecurity?
Foresite is looking for an EDR Engineer I to join our Managed Services team and act as the frontline defender for our customers with managed EDR services. Your primary focus is the health, maintenance, tuning, and proactive monitoring of Endpoint Detection and Response (EDR) platforms. You will act as a point of escalation for EDR-related cases across industry-leading tools, ensuring that every managed environment is protected, healthy, and up-to-date.
What You'll Do:
In this role, you’ll take ownership of multi-console alert triage, agent health monitoring, and policy configuration. You will be responsible for maintaining a high-quality security posture across dozens of unique client networks while ensuring all endpoints follow strict behavioral detection baselines and organizational security policies.
Multi-Console Alert Triage & Incident Monitoring
- Tier 2 Support: Act as an escalation point for the analyst team on EDR-related cases across technologies including CrowdStrike, SentinelOne, Microsoft Defender, Cortex XDR, Cisco Secure Endpoint, and Carbon Black.
- Pattern Recognition: Analyze security incidents, logs, and process trees to distinguish between legitimate activity and potential threats.
- Incident Escalation: Gather forensic data (process IDs, file hashes, IP addresses) and escalate high-priority incidents to the Tier 3 Engineering team.
- Daily Health Monitoring: Conduct weekly console checkups to identify "silent" agents, offline hosts, or installation failures to ensure 100% fleet health.
- Policy & Exclusion Management: Assist senior engineers in fine-tuning security policies and configuring exclusions/whitelists to resolve software conflicts without compromising security.
- Agent Troubleshooting: Troubleshoot broken sensors and coordinate directly with client IT contacts for re-installations and remediation.
- Console Hygiene: Efficiently sort through low-severity alerts to close or escalate, keeping customer environments organized and actionable.
- Own the Queue: Manage incoming EDR-related support tickets, providing rapid response and clear technical communication to both internal teams and non-technical stakeholders.
- Data-Driven Insights: Pull weekly fleet health reports to demonstrate security posture and protection levels to our clients.
- Continuous Learning: Stay current with the MITRE ATT&CK framework and participate in knowledge sharing to improve detection engineering and response workflows.
- Experience: 1 year in a SOC, Systems Administration, or Cybersecurity role.
- OS Fundamentals: Strong foundational knowledge of Windows operating systems and basic troubleshooting.
- EDR Proficiency: Hands-on experience investigating alerts within an EDR solution and an understanding of how modern sensors collect telemetry.
- Analytical Mindset: A strong ability to analyze security alerts and logs to identify patterns, anomalies, and potential indicators of compromise (IoCs).
- Problem Solver: Ability to interpret vendor documentation to troubleshoot agent issues and software conflicts with business-critical applications.
- Service-Minded: Excellent technical communication skills with a "customer-first" mindset.
- Platform Knowledge: Experience with Google SecOps (Chronicle), SIEM solutions, or RMM tools.
- Certifications: Foundational security certs (e.g., CompTIA Security+, SC-200, or vendor-specific EDR certs).
- Advanced Skills: Scripting/automation (PowerShell, Python, Bash) and experience with macOS or Linux devices.
- Specialized Experience: Threat hunting, identity management, phishing remediation, or EDR deployment/onboarding.
At Foresite, we aren’t just another security provider—we are a mission-driven partner helping organizations navigate an increasingly complex threat landscape. Founded by passionate security practitioners, we’ve grown into a global leader in SecOps and MDR by staying true to our core value: radical transparency.
When you join Foresite, you are part of a "humans-first" culture where your expertise is valued, and your well-being is a priority. We leverage our Google Cloud Premier SecOps Partnership to stay at the cutting edge, but we know that our greatest asset is our people.
What We Offer:
- Comprehensive Health & Wellness: Robust medical insurance options to keep you and your family healthy.
- Employer-Covered Insurance: We fully provide employer-paid Dental coverage, as well as Short-Term (STD) and Long-Term Disability (LTD).
- Generous Time Off: We believe in a true work-life balance. You’ll start with 3 weeks of paid vacation, plus additional sick leave and paid company holidays to ensure you have time to recharge.
- Growth & Mentorship: Access to world-class training and mentorship. We support your career trajectory, whether you’re looking to deepen your technical skills or move into leadership.
- Impactful Work: Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.