Endpoint Detection & Response (EDR) Administrator

Company: Deloitte
Location: San Jose, CA
Salary: $88,600 - $163,100
Employment type: Full Time
Level: Mid Level (4+ years)

Posted 2 weeks ago


About This Role

The EDR Administrator ensures the continuous, secure operation of the agency's endpoint security capabilities, with primary responsibility for CrowdStrike Falcon and associated Falcon modules. This role manages day-to-day platform administration, configuration governance, production testing, and integration support to enable rapid detection, investigation, and response across the enterprise endpoint environment. This role is critical to maintaining platform health, improving detection fidelity, supporting troubleshooting and investigations, and adapting configurations and workflows as threats, technologies, and requirements evolve to safeguard endpoints and respond to incidents.

Responsibilities

  • Administer CrowdStrike Falcon (tenant configuration, sensor health, policy sets, exclusions, groups/tags)
  • Monitor service performance and endpoint coverage; remediate gaps and recurring agent issues
  • Implement and maintain policies, prevention settings, and workflows aligned to federal guidelines and industry best practices
  • Manage change control for configuration updates, including approvals, communications, and rollback readiness
  • Develop and execute development and production test plans for Falcon components and configuration changes
  • Validate new features/modules and conduct controlled rollouts (pilot rings, phased deployment, success criteria)
  • Support Falcon components such as Identity Protection, Forensics, Cloud Workload Protection, Threat Intelligence, and workflow implementation
  • Integrate EDR telemetry, alerts, and case workflows with enterprise security services (e.g., SIEM, SOAR, ticketing, identity, vulnerability management)
  • Provide expert triage support for endpoint detections, containment actions, and investigative needs in coordination with SOC and endpoint teams
  • Produce and maintain baselines, runbooks, SOPs, and knowledge articles; contribute to continuous improvement and lessons learned

Requirements

  • 4+ years of direct experience administering EDR platforms (CrowdStrike preferred)
  • Bachelor's degree
  • Ability to obtain Public Trust clearance
  • Legally authorized to work in the United States without employer sponsorship
  • 4+ years of hands-on experience in development and production testing of EDR platform components
  • Demonstrated experience integrating EDR components with other security systems and services
  • Ability to configure EDR solutions to align with federal guidelines and industry best practices
  • Strong experience developing security baselines, operational troubleshooting, and technical documentation

Qualifications

  • Bachelor's degree
  • 4+ years of direct experience administering EDR platforms (CrowdStrike preferred)

Skills

  • SIEM (required)
  • SOAR (required)
  • Forensics (required)
  • CrowdStrike Falcon (required)
  • Threat Intelligence (required)
  • Identity Protection (required)
  • Cloud Workload Protection (required)

Certifications

  • CompTIA Advanced Security Practitioner (CASP) (Required)
  • ISC2 Certified Information Systems Security Professional (CISSP) (Required)
  • ISACA Certified Information Security Manager (CISM) (Required)

About Deloitte

A company transforming technology platforms, driving innovation, and transforming mission-critical operations for clients, especially in the Life Sciences sector.

Industry: Professional Services