Who We Are
At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.
The Role
1. Endpoint Monitoring & Threat Detection
Continuously monitor endpoint telemetry for Indicators of Attack (IOAs) and Indicators of Compromise (IOCs) using CrowdStrike Falcon Insight.
Validate and triage alerts to differentiate between false positives and genuine threats.
Escalate confirmed or high-severity incidents to L2/L3 SOC teams for containment and eradication.
Maintain vigilance on endpoint behaviors, process trees, and network connections to identify anomalous or malicious activities.
2. Incident Investigation & Real-Time Response
Utilize CrowdStrike Real Time Response (RTR) for deep investigation and live remediation of active threats directly on endpoints without impacting business operations.
Execute containment actions (e.g., network isolation, process termination, file quarantine) as per SOC escalation workflows.
Conduct detailed forensic analysis to determine root causes, infection vectors, and lateral movement paths.
Provide incident reports with actionable remediation steps and long-term preventive recommendations.
3. Platform Administration & Troubleshooting
Monitor the health and performance of EDR sensors across all managed endpoints (servers, laptops, VMs).
Troubleshoot sensor communication and log ingestion issues, working closely with endpoint support teams to ensure full telemetry coverage.
Collect diagnostic logs, perform root-cause analysis (RCA), and apply sensor policy optimizations to ensure continuous protection.
Manage support cases with CrowdStrike Technical Support for unresolved or platform-level technical issues.
Maintain detailed documentation of known issues, configuration baselines, and best practices for deployment and policy management.
4. Threat Hunting & Intelligence Correlation
Conduct proactive threat hunting leveraging Falcon’s real-time and historical data to uncover undetected threats and emerging attack patterns.
Correlate endpoint behaviors with CrowdStrike Adversary Intelligence and known threat actor TTPs (MITRE ATT&CK framework).
Collaborate with Threat Intelligence teams to enhance detection logic, IOC libraries, and hunting methodologies.
Develop custom queries, detection rules, and hunting dashboards within Falcon and integrated SIEM platforms.
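As an added illustration of the hunting and correlation work described in sections 1 and 4 (this is example code written for this page, not Kyndryl's or CrowdStrike's, and the event schema, rule names, IOC values and sample telemetry are all constructed assumptions rather than Falcon's data model or query language), the script below builds a process tree from endpoint events, matches atomic IOCs (hash, C2 address), applies behavioural IOA rules (Office application spawning a script host, encoded PowerShell, a system binary name with the wrong parent), tags each behavioural hit with its MITRE ATT&CK technique ID, and rolls the hits up per process for triage with the full ancestry chain attached:

```python
"""Hunting over endpoint process telemetry: IOC matching, behavioural (IOA)
rules and ATT&CK tagging. Added example with a simplified, constructed event
schema; it is not Falcon's data model or query language."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str                       # executable name, lower-case
    cmdline: str
    sha256: str
    remote_ip: Optional[str] = None  # outbound connection made by this process, if any


# Constructed sample telemetry for one host (not real data). The last two
# events model a macro-launched PowerShell payload and a fake "svchost.exe".
SAMPLE_EVENTS = [
    ProcessEvent(4, 0, "system", "", "aa" * 32),
    ProcessEvent(500, 4, "smss.exe", "smss.exe", "b1" * 32),
    ProcessEvent(600, 500, "wininit.exe", "wininit.exe", "c2" * 32),
    ProcessEvent(700, 600, "services.exe", "services.exe", "d3" * 32),
    ProcessEvent(900, 700, "svchost.exe", "svchost.exe -k netsvcs", "e4" * 32),
    ProcessEvent(800, 500, "winlogon.exe", "winlogon.exe", "f5" * 32),
    ProcessEvent(1000, 800, "userinit.exe", "userinit.exe", "a6" * 32),
    ProcessEvent(2000, 1000, "explorer.exe", "explorer.exe", "b7" * 32),
    ProcessEvent(3100, 2000, "winword.exe", "winword.exe invoice.docm", "c8" * 32),
    ProcessEvent(3200, 3100, "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA", "d9" * 32,
                 remote_ip="203.0.113.7"),
    ProcessEvent(3300, 2000, "svchost.exe",
                 "C:\\Users\\bob\\AppData\\svchost.exe", "deadbeef" * 8),
]

# Hypothetical IOC feed and rule constants (assumptions for this example).
IOC_HASHES = {"deadbeef" * 8}
IOC_IPS = {"203.0.113.7"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXPECTED_PARENT = {"svchost.exe": "services.exe", "lsass.exe": "wininit.exe"}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def build_tree(events: List[ProcessEvent]) -> Dict[int, ProcessEvent]:
    return {e.pid: e for e in events}


def ancestry(tree: Dict[int, ProcessEvent], pid: int, limit: int = 32) -> List[str]:
    """Image names from pid up to the root; guards against pid-reuse loops."""
    chain, seen = [], set()
    while pid in tree and pid not in seen and len(chain) < limit:
        seen.add(pid)
        chain.append(tree[pid].image)
        pid = tree[pid].ppid
    return chain


def _finding(tree, e, rule, technique, severity) -> dict:
    return {"pid": e.pid, "rule": rule, "technique": technique,
            "severity": severity, "chain": ancestry(tree, e.pid)}


def hunt(events: List[ProcessEvent], ioc_hashes=IOC_HASHES, ioc_ips=IOC_IPS) -> List[dict]:
    """Apply IOC and IOA rules to every process event; each hit carries its
    ancestry so the analyst sees the whole chain, not just one process."""
    tree = build_tree(events)
    out = []
    for e in events:
        parent = tree.get(e.ppid)
        # IOC matches are atomic indicators; by themselves they name no technique.
        if e.sha256 in ioc_hashes:
            out.append(_finding(tree, e, "ioc_hash_match", None, "high"))
        if e.remote_ip is not None and e.remote_ip in ioc_ips:
            out.append(_finding(tree, e, "ioc_c2_ip", None, "high"))
        # IOA: Office application spawning a script host (macro-delivered payload).
        if parent is not None and parent.image in OFFICE_APPS and e.image in SCRIPT_HOSTS:
            out.append(_finding(tree, e, "office_spawns_script_host", "T1566.001", "high"))
        # IOA: encoded PowerShell command line ("-enc" also matches "-encodedcommand").
        if e.image == "powershell.exe" and "-enc" in e.cmdline.lower():
            out.append(_finding(tree, e, "encoded_powershell", "T1059.001", "medium"))
        # IOA: core system binary name whose parent is not the expected one
        # (masquerading, e.g. a user-writable path named svchost.exe).
        expected = EXPECTED_PARENT.get(e.image)
        if expected is not None and (parent is None or parent.image != expected):
            out.append(_finding(tree, e, "unexpected_parent", "T1036.005", "medium"))
    return out


def triage(findings: List[dict]) -> Dict[int, dict]:
    """Roll findings up per process: highest severity, rules fired, techniques."""
    summary: Dict[int, dict] = {}
    for f in findings:
        s = summary.setdefault(f["pid"], {"severity": "low", "rules": [],
                                          "techniques": set(), "chain": f["chain"]})
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[s["severity"]]:
            s["severity"] = f["severity"]
        s["rules"].append(f["rule"])
        if f["technique"]:
            s["techniques"].add(f["technique"])
    for s in summary.values():
        s["techniques"] = sorted(s["techniques"])
    return summary


if __name__ == "__main__":
    for pid, s in triage(hunt(SAMPLE_EVENTS)).items():
        print(pid, s["severity"], s["rules"], s["techniques"], " <- ".join(s["chain"]))
```

On the constructed sample the script flags two processes: the PowerShell child of winword.exe (C2 IOC plus two behavioural rules) and the svchost.exe launched from explorer.exe (hash IOC plus wrong parent), while the legitimate boot chain produces nothing. The same rule set would be expressed in a Falcon or SIEM query in production; the point here is the separation of atomic IOC matches from parent-child IOA logic and the ATT&CK tag that lets a hit be correlated with adversary TTPs.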
5. Governance, Reporting & Compliance
Participate in monthly and quarterly governance forums to present EDR performance metrics, incident summaries, and SLA adherence.
Track and report EDR coverage, alert trends, mean time to detect (MTTD), mean time to respond (MTTR), and incident closure rates.
Ensure compliance with internal security standards, data protection policies, and regulatory frameworks (e.g., ISO 27001, SOC 2, GDPR).
Contribute to executive dashboards, audit documentation, and Power BI reports reflecting endpoint security posture and operational KPIs.
Support internal and external audit requests by maintaining comprehensive logs, change records, and investigation evidence.
6. Integration & Automation
Collaborate with SOC, SIEM, DLP, and Cloud Security teams to ensure endpoint telemetry is effectively integrated into broader detection and response ecosystems.
Support development and enhancement of automation playbooks that leverage EDR data for faster triage and containment.
Work with engineering and automation teams to align EDR telemetry with GenAI-driven enrichment, enabling predictive analysis and smart alert summarization.
Contribute to the continuous improvement of CDC operations through cross-functional knowledge sharing and automation of repetitive tasks.
7. Continuous Improvement & Innovation
Identify opportunities to optimize detection logic, improve response workflows, and enhance platform performance.
Evaluate new EDR capabilities, modules, or integrations (e.g., Falcon Discover, Falcon X) and recommend adoption strategies.
Conduct training sessions, tabletop exercises, and knowledge transfers to strengthen SOC and endpoint response maturity.
Stay current with emerging threats, TTPs, and EDR advancements, ensuring continuous alignment with global best practices.
Who You Are
7–10 years of experience in endpoint security or SOC operations, including 3–5 years of hands-on experience with CrowdStrike Falcon or an equivalent EDR platform.
Strong understanding of endpoint forensics, malware analysis, and threat hunting methodologies.
Practical experience with incident response, triage, and live remediation using RTR or equivalent tools.
Familiarity with MITRE ATT&CK, NIST Incident Response Framework, and IOC/IOA analysis.
Experience working in SOC, CDC, or Managed Security Service (MSSP) environments.
Knowledge of Windows internals, registry, file systems, and process management.
Being You
Diversity is a whole lot more than what we look like or where we come from; it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handedly: our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.
What You Can Expect
With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.
Get Referred!
If you know someone who works at Kyndryl, when asked 'How Did You Hear About Us' during the application process, select 'Employee Referral' and enter your contact's Kyndryl email address.