Talent.com
Security Incident Response Engineer
Acrisure LLC • Atlanta, GA, United States
Job type: Full-time
About Acrisure

A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, we connect clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services - and more.

In the last twelve years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19,000 colleagues in more than 20 countries. Acrisure was built on entrepreneurial spirit. Prioritizing leadership, accountability, and collaboration, we equip our teams to work at the highest levels possible.

Job Summary:

Acrisure is seeking a Security Incident Response Engineer to join our growing team. The Security Incident Response Engineer - EDR will support the organization's security operations with a focus on endpoint detection and response (EDR) management and incident response activities. To succeed in this role, the candidate must be adept at coordinating and triaging security incidents, responding promptly and effectively to threats, and managing EDR toolsets at scale. The engineer will proactively monitor, analyze, and resolve security incidents involving endpoints, requiring high attention to detail and the ability to balance multiple urgent tasks. Key to this position is being a self-starter, consistently prioritizing critical tasks, and maintaining strong commitment to operational excellence.

Responsibilities:
  • Detect, analyze, and respond to security incidents detected by EDR, SIEM, and Cloud Security tooling as well as MDR service providers.
  • Lead or participate in investigation and containment efforts for both endpoint and identity related security threats.
  • Develop and implement strategies to remove the root cause of the incident.
  • Conduct forensic data acquisition, log analysis, and root cause determination for endpoint incidents.
  • Develop and maintain incident response playbooks and runbooks specific to EDR technologies.
  • Analyze security alerts and anomalies to determine if they represent actual security incidents.
EDR Deployment and Configuration
  • Oversee deployment, configuration, and ongoing management of EDR on endpoints for comprehensive coverage.
  • Monitor and tune alerting rules/policies to reduce false positives and ensure accurate threat detection.
  • Maintain compliance measures by enforcing configuration to organizational standards.
  • Provide training on EDR usage to incident response teams and end-users.
  • Review security alerts, correlate event data, and identify risks to endpoints.
  • Maintain integration of EDR tools with SIEM and other security solutions.
  • Regularly review and update endpoint security policies based on threat intelligence and incident learnings.
Requirements
  • Proficiency with leading Endpoint Detection and Response platforms (SentinelOne, Microsoft Defender, CrowdStrike, or other toolsets).
  • Strong experience with incident response, digital forensics, and threat hunting on endpoints.
  • Knowledge of endpoint operating systems (Windows, macOS, and Linux).
  • Experience with scripting (PowerShell, Python, or Bash) for automation and log parsing.
  • Excellent analytical and problem-solving skills; ability to work in high-pressure situations.
  • Effective verbal and written communication abilities.
  • Detail-oriented with strong organizational skills and the ability to handle multiple priorities.
  • Ability to work independently and within a collaborative, team-oriented environment.
Education and Experience:
  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related discipline (or equivalent experience).
  • Minimum 3 years of progressive information security experience.
  • At least 1-3 years focused on incident response, including hands-on EDR work.
  • Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management.
  • Experience with Microsoft M365 security including Entra ID, Microsoft Defender for M365, and other toolsets is a plus.
  • Relevant certifications (one or more preferred): GCFA, GCIH, CHFI, CySA+, or similar.

Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Why Join Us:

At Acrisure, we're building more than a business, we're building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future.

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York.

Employee Benefits

We also offer our employees a comprehensive suite of benefits and perks, including:
  • Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
  • Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
  • Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
  • Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
  • ... and so much more!

This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.

Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting leaves@acrisure.com.

California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy.

Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice.

Welcome, your new opportunity awaits you.