Endpoint Detection & Response (EDR) Administrator

Deloitte Minneapolis, MN $88,600 - $163,100
Full Time Mid Level 4+ years

Posted 2 weeks ago


About This Role

The EDR Administrator ensures the continuous, secure operation of the agency's endpoint security capabilities, with primary responsibility for CrowdStrike Falcon (EDR) and associated Falcon modules. This role owns day-to-day platform administration, configuration governance, production testing, and integration support to enable rapid detection, investigation, and response across the enterprise endpoint environment. The EDR Administrator is critical to operational resilience in a continuously evolving threat landscape.

Responsibilities

  • Administer CrowdStrike Falcon (tenant configuration, sensor health, policy sets, exclusions, groups/tags)
  • Monitor service performance and endpoint coverage; remediate gaps and recurring agent issues
  • Implement and maintain policies, prevention settings, and workflows aligned to federal guidelines and industry best practices
  • Manage change control for configuration updates, including approvals, communications, and rollback readiness
  • Develop and execute development and production test plans for Falcon components and configuration changes
  • Validate new features/modules and conduct controlled rollouts (pilot rings, phased deployment, success criteria)
  • Support Falcon components such as Identity Protection, Forensics, Cloud Workload Protection, Threat Intelligence, and workflow implementation
  • Integrate EDR telemetry, alerts, and case workflows with enterprise security services (e.g., SIEM, SOAR, ticketing, identity, vulnerability management)
  • Provide expert triage support for endpoint detections, containment actions, and investigative needs in coordination with SOC and endpoint teams
  • Produce and maintain baselines, runbooks, SOPs, and knowledge articles; contribute to continuous improvement and lessons learned

Requirements

  • 4+ years of direct experience administering EDR platforms (CrowdStrike preferred)
  • 4+ years of hands-on experience in development and production testing of EDR platform components (Identity Protection, Forensics, Cloud Workload Protection, policy/workflow implementation, Threat Intelligence)
  • Demonstrated experience integrating EDR components with other security systems and services
  • Ability to configure EDR solutions to align with federal guidelines and industry best practices
  • Strong experience developing security baselines, operational troubleshooting, and technical documentation
  • Ability to obtain Public Trust clearance
  • Legal authorization to work in the United States without employer sponsorship

Qualifications

  • Bachelor's degree
  • 4+ years of direct experience administering EDR platforms (CrowdStrike preferred)

Skills

  • SIEM *
  • SOAR *
  • Forensics *
  • CrowdStrike Falcon *
  • Threat Intelligence *
  • Identity Protection *
  • Cloud Workload Protection *

* Required skills

Certifications

  • CompTIA Advanced Security Practitioner (CASP) (Required)
  • ISC2 Certified Information Systems Security Professional (CISSP) (Required)
  • ISACA Certified Information Security Manager (CISM) (Required)

About Deloitte

A company transforming technology platforms, driving innovation, and transforming mission-critical operations for clients, especially in the Life Sciences sector.

Professional Services