Endpoint Detection & Response; EDR Administrator

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Recruiting for this role ends on May 31, 2026.

The EDR Administrator ensures the continuous, secure operation of the agency’s endpoint security capabilities, with primary responsibility for Crowd Strike Falcon (EDR) and associated Falcon modules. This role owns day-to-day platform administration, configuration governance, production testing, and integration support to enable rapid detection, investigation, and response across the enterprise endpoint environment.

In today’s evolving threat landscape, the agency must proactively safeguard endpoints and respond quickly to incidents. The EDR Administrator is critical to operational resilience—maintaining platform health, improving detection fidelity, supporting troubleshooting and investigations, and adapting configurations and workflows as threats, technologies, and requirements evolve.

Administer Crowd Strike Falcon (tenant configuration, sensor health, policy sets, exclusions, groups/tags).

Monitor service performance and endpoint coverage; remediate gaps and recurring agent issues.

Implement and maintain policies, prevention settings, and workflows aligned to federal guidelines and industry best practices.

Manage change control for configuration updates, including approvals, communications, and rollback readiness.

Develop and execute development and production test plans for Falcon components and configuration changes.

Validate new features/modules and conduct controlled rollouts (pilot rings, phased deployment, success criteria).

Support Falcon components such as Identity Protection, Forensics, Cloud Workload Protection, Threat Intelligence, and workflow implementation as applicable.

Integrate EDR telemetry, alerts, and case workflows with enterprise security services (e.g., SIEM, SOAR, ticketing, identity, vulnerability management).

Troubleshoot data pipelines, alert routing, and enrichment to improve investigation speed and accuracy.

Provide expert triage support for endpoint detections, containment actions, and investigative needs in coordination with SOC and endpoint teams.

Resolve complex platform issues (policy conflicts, performance impacts, false positives/negatives) and drive root-cause fixes.

Produce and maintain baselines, runbooks, SOPs, and knowledge articles; contribute to continuous improvement and lessons learned

Deloitte’s Government & Public Services (GPS) practice – our people, ideas, technology and outcomes – is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.

Our Cyber Defense & Resilience offering assists clients in defending against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. Helps manage and protect dynamic attack surfaces and provides rapid crisis and cyber incident response, ensuring clients can be ready for, respond to, and recover from business disruptions.

The Project Delivery Talent Model is designed for professionals with specialized skills that align to a current client need. Team members focus on delivering services to clients, without additional expectations related to business development or promotion. Their employment is tied to their role on a project, and they are eligible for a benefits package that is competitive for project delivery-focused professionals.

4+ years of…