L2 - Security Engineer (EDR Solutions)

We are HCLTech, one of the world’s largest and fastest growing technology and DSA companies with over 227,000 professionals across 60 countries, driving progress through industry-leading capabilities focused on Digital, Engineering and Cloud. The driving force behind this work, our people, is a diverse, creative and passionate audience that enables us to continually raise the bar for excellence in our services. We strive to empower each of our professionals to achieve their best, while also striving to help them find their daily inspiration and become the best version of themselves. Job Title: L2 Security Engineer - EDR Solutions (CrowdStrike, Palo Alto XDR, Microsoft Defender for Endpoint, SentinelOne) Location: Hybrid, 24x7 Shifts Job Type: Full-Time (Rotational Shift Model, including weekends and holidays) Job Summary: As an L2 Security Engineer, you will be responsible for ensuring the smooth operation of EDR solutions by monitoring platform health, enforcing security policies, and troubleshooting endpoint issues across multiple EDR platforms including CrowdStrike, Palo Alto XDR, Microsoft Defender for Endpoint, and SentinelOne. Your role includes onboarding devices, validating security rules, handling basic policy enforcement issues, and ensuring that all endpoints remain compliant with security baselines. You will assist in resolving connectivity issues, missing telemetry cases, and agent health checks while escalating complex platform-related problems to L3. Key Responsibilities: · Ensure endpoints are successfully onboarded to EDR solutions across all platforms (Windows, macOS, Linux, iOS, Android). · Monitor endpoint connectivity and health status within the EDR portals. · Validate that security rules, EDR, and antivirus policies are applied correctly. · Assist in troubleshooting policy conflicts and enforcement issues. · Investigate and validate EDR alerts, classify threats, and escalate incidents if required. · Apply basic remediation steps like isolating devices, initiating scans, or triggering automated investigations. · Identify endpoints not reporting telemetry or experiencing EDR agent failures. · Perform basic troubleshooting (e.g., restarting services, re-onboarding devices, checking connectivity). · Escalate complex security incidents and persistent issues to L3. · Assist in preparing incident summaries and compliance reports for management. · Ensure endpoints are running the latest security patches and EDR updates. · Validate compliance with security baselines and recommend corrective actions. · Collaborate with global SOC, Threat Hunting, and Incident Response teams for critical security incidents. Required Skills & Knowledge: · Hands-on expertise in CrowdStrike, Palo Alto XDR, Microsoft Defender for Endpoint, and SentinelOne. · Ability to analyze malware behaviors, execute incident containment strategies, and escalate threats appropriately. · Scripting knowledge in PowerShell or Python (preferred). · Strong analytical, documentation, and communication skills. Work Environment & Shift Requirements: · 24x7 support model with rotational shifts (including nights, weekends, and holidays). · Ability to work in a fast-paced, high-pressure SOC environment. · Excellent collaboration and coordination with global cybersecurity teams. Preferred Certifications: · CrowdStrike Certified Falcon Administrator (CCFA) · Palo Alto Networks Certified Cybersecurity Associate (PCCSA) · Microsoft Certified: Security Operations Analyst Associate (SC-200) · SentinelOne Certified Administrator At HCLTech, we don’t just offer jobs — we offer journeys. Join a global team where your work drives innovation, your ideas matter, and your growth is supported every step of the way. Why Choose HCLTech? Be part of a purpose-led organization with a global footprint Collaborate with diverse teams across borders Work on cutting-edge technologies in enterprise integration Enjoy career mobility, continuous learning, and a culture of inclusion