Responsibilities:
Security Monitoring & Incident Response
- Monitor, triage, and investigate security alerts across platforms including SentinelOne (Vigilance), Field Effect Complete, Microsoft Defender, and ThreatLocker;
- Correlate events across multiple tools to identify true positives and reduce noise;
- Assist in response actions during security incidents (containment, isolation, remediation coordination);
- Participate in full incident lifecycle including investigation, response support, and post-incident documentation.
Security Operations & Investigation
- Analyze endpoint, identity, and cloud activity to identify suspicious or malicious behavior;
- Perform targeted investigations and deeper analysis when required;
- Leverage available tools and data sources to validate alerts and determine impact;
- Support continuous improvement of monitoring and response processes.
Multi-Client SOC Delivery (MSP Environment)
- Manage and prioritize alerts, incidents, and security tasks across multiple client environments;
- Ensure response timelines align with SLAs and client expectations;
- Adapt investigations and recommendations based on client maturity and environment.
Client Onboarding & Security Implementation
- Participate in the onboarding and deployment of security platforms (SentinelOne, Field Effect, Defender, ThreatLocker, dmarcian);
- Configure and support Microsoft 365 security controls (Defender, Conditional Access, Secure Score improvements);
- Implement and validate security baselines across endpoint, identity, and cloud environments;
- Maintain onboarding documentation and technical runbooks.
Vulnerability Management & Remediation
- Review penetration test results and vulnerability findings;
- Translate findings into clear, actionable remediation steps (e.g., legacy protocols, exposed services, misconfigurations);
- Coordinate with internal teams (NOC, Service Desk, Web, Cloud) to execute remediation;
- Track and validate resolution of identified risks.
Security Advisory & Client Engagement
- Provide practical security recommendations based on incidents, findings, and trends;
- Support vCIOs and account managers with technical input for client discussions and QBRs;
- Communicate risks and remediation steps to both technical and non-technical stakeholders.
Platform & Vendor Collaboration
- Work with security vendors to review platform capabilities, updates, and best practices;
- Identify opportunities to improve usage and effectiveness of deployed security tools;
- Contribute to SOC playbooks, documentation, and service improvements.
The candidate must have:
- 3–5+ years of experience in cybersecurity, SOC operations, or MSP technical roles;
- Strong hands-on experience with EDR/XDR platforms (e.g., SentinelOne, Microsoft Defender);
- Experience investigating real-world security incidents (endpoint, identity, email, cloud);
- Good understanding of Microsoft 365 security (Defender, Conditional Access, Secure Score);
- Experience working with vulnerability remediation and security recommendations;
- Strong analytical and investigative mindset;
- Ability to independently triage and move investigations forward;
- Strong communication skills (technical and client-facing);
- Ability to manage multiple priorities across different clients.
Preferred Qualifications:
- Experience in an MSP or multi-tenant SOC environment;
- Familiarity with Field Effect, dmarcian, ThreatLocker, or similar platforms;
- Experience working alongside MDR services (e.g., SentinelOne Vigilance);
- Understanding of email security (DMARC, SPF, DKIM);
- Exposure to penetration testing results and remediation workflows;
- Basic scripting or automation skills (PowerShell, Python);
- Understanding of common web security concepts (e.g., headers, TLS);
- Certifications such as Security+, CySA+, or equivalent (or willingness to pursue);
- Experience contributing to incident response processes or exercises.