Job Description

SOC / EDR Incident Commander - Level 3

Level 3 EDR Incident Commander and Subject Matter Expert responsible for final incident response decisions, advanced investigations, detection quality, and SOC maturity, with deep expertise in Microsoft Defender for Endpoint.

Operating Model: SOC / 24x7

Roles & Responsibilities:

- Act as the final authority on incident response decisions, including threat confirmation, containment strategy, recovery actions, and incident closure.
- Review and validate L1 and L2 response actions, identifying missed indicators, blind spots, or incomplete scoping.
- Lead and advise on high-severity or complex incidents, coordinating response across SOC, SIRT, IT, and business stakeholders.
- Conduct or oversee advanced investigations, including malware analysis and digital forensics, guiding specialist teams when required.
- Identify root causes of incidents and define permanent corrective and preventive controls.
- Approve and execute endpoint isolation, threat removal, and rest...

Ready to join EMBARKGCC SERVICES PRIVATE LIMITED? Click the button below to submit your application.