Security Incident Response Engineer

About Acrisure

A global fintech leader Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together we connect clients with customized solutions across a range of insurance reinsurance payroll benefits cybersecurity mortgage services and more.

In the last twelve years Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19000 colleagues in more than 20 countries. Acrisure was built on entrepreneurial spirit. Prioritizing leadership accountability and collaboration we equip our teams to work at the highest levels possible.

Job Summary:

Acrisure is seeking a Security Incident Response Engineer to join our growing team in (location). The Security Incident Response Engineer EDR will support the organizations security operations with a focus on endpoint detection and response (EDR) management and incident response activities. To succeed in this role the candidate must be adept at coordinating and triaging security incidents responding promptly and effectively to threats and managing EDR toolsets at scale. The engineer will proactively monitor analyze and resolve security incidents involving endpoints requiring high attention to detail and the ability to balance multiple urgent tasks. Key to this position is being a self-starter consistently prioritizing critical tasks and maintaining strong commitment to operational excellence.

Responsibilities:

• Detect analyze and respond to security incidents detected by EDR SIEM and Cloud Security tooling as well as MDR service providers.
• Lead or participate in investigation and containment efforts for both endpoint and identity related security threats.
• Develop and implement strategies to remove the root cause of the incident.
• Conduct forensic data acquisition log analysis and root cause determination for endpoint incidents.
• Develop and maintain incident response playbooks and runbooks specific to EDR technologies.
• Analyze security alerts and anomalies to determine if they represent actual security incidents.

EDR Deployment and Configuration

• Oversee deployment configuration and ongoing management of EDR on endpoints for comprehensive coverage.
• Monitor and tune alerting rules/policies to reduce false positives and ensure accurate threat detection.
• Maintain compliance measures by enforcing configuration to organizational standards.
• Provide training on EDR usage to incident response teams and end-users.
• Review security alerts correlate event data and identify risks to endpoints.
• Maintain integration of EDR tools with SIEM and other security solutions.
• Regularly review and update endpoint security policies based on threat intelligence and incident learnings.

Requirements

• Proficiency with leading Endpoint Detection and Response platforms (SentinelOne Microsoft Defender CrowdStrike or other toolsets).
• Strong experience with incident response digital forensics and threat hunting on endpoints.
• Knowledge of endpoint operating systems (Windows macOS and Linux).
• Experience with scripting (PowerShell Python or Bash) for automation and log parsing.
• Excellent analytical and problem-solving skills; ability to work in high-pressure situations.
• Effective verbal and written communication abilities.
• Detail-oriented with strong organizational skills and the ability to handle multiple priorities.
• Ability to work independently and within a collaborative team-oriented environment.

Education and Experience:

• Bachelors degree in Computer Science Information Security Cybersecurity or related discipline (or equivalent experience).
• Minimum 3 years of progressive information security experience.
• At least 1-3 years focused on incident response including hands-on EDR work.
• Expertise in Infrastructure Security: In-depth understanding of infrastructure security including Windows Active Directory Unix/Linux Mobile Security and Privileged Access Management.
• Experience with Microsoft M365 security including Entra ID Microsoft Defender for M365 and other toolsets is a plus.
• Relevant certifications (one or more preferred): GCFA GCIH CHFI CySA or similar.

#LI-CH1

Candidates should be comfortable with an on-site presence to support collaboration team leadership and cross-functional partnership.

Why Join Us:

At Acrisure were building more than a business were building a community where people can grow thrive and make an impact. Our benefits are designed to support every dimension of your life from your health and finances to your family and future.

Making a lasting impact on the communities it serves Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Childrens Hospital in Grand Rapids Michigan UPMC Childrens Hospital in Pittsburgh Pennsylvania and Blythedale Childrens Hospital in Valhalla New York.

Employee Benefits

We also offer our employees a comprehensive suite of benefits and perks including:

• Physical Wellness: Comprehensive medical insurance dental insurance and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.

• Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.

• Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.

• Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.

• and so much more!

This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.

Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race color religion sex national origin disability or protected veteran status. Applicants may request reasonable accommodation by contacting .

California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy .

Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice .

Welcome your new opportunity awaits you.