Responsibilities:
Security Monitoring & Incident Response
• Monitor, triage, and investigate security alerts across platforms including SentinelOne (Vigilance), Field Effect Complete, Microsoft Defender, and ThreatLocker;
• Correlate events across multiple tools to identify true positives and reduce noise;
• Assist in response actions during security incidents (containment, isolation, remediation coordination);
• Participate in the full incident lifecycle, including investigation, response support, and post-incident documentation.
Security Operations & Investigation
• Analyze endpoint, identity, and cloud activity to identify suspicious or malicious behavior;
• Perform targeted investigations and deeper analysis when required;
• Leverage available tools and data sources to validate alerts and determine impact;
• Support continuous improvement of monitoring and response processes.
Multi-Client SOC Delivery (MSP Environment)
• Manage and prioritize alerts, incidents, and security tasks across multiple client environments;
• Ensure response timelines align with SLAs and client expectations;
• Adapt investigations and recommendations based on client maturity and environment.
Client Onboarding & Security Implementation
• Participate in the onboarding and deployment of security platforms (SentinelOne, Field Effect, Defender, ThreatLocker, dmarcian);
• Configure and support Microsoft 365 security controls (Defender, Conditional Access, Secure Score improvements);
• Implement and validate security baselines across endpoint, identity, and cloud environments;
• Maintain onboarding documentation and technical runbooks.
Vulnerability Management & Remediation
• Review penetration test results and vulnerability findings;
• Translate findings into clear, actionable remediation steps (e.g., legacy protocols, exposed services, misconfigurations);
• Coordinate with internal teams (NOC, Service Desk, Web, Cloud) to execute remediation;
• Track and validate resolution of identified risks.
Security Advisory & Client Engagement
• Provide practical security recommendations based on incidents, findings, and trends;
• Support vCIOs and account managers with technical input for client discussions and QBRs;
• Communicate risks and remediation steps to both technical and non-technical stakeholders.
Platform & Vendor Collaboration
• Work with security vendors to review platform capabilities, updates, and best practices;
• Identify opportunities to improve usage and effectiveness of deployed security tools;
• Contribute to SOC playbooks, documentation, and service improvements.
The candidate must have:
• 3–5+ years of experience in cybersecurity, SOC operations, or MSP technical roles;
• Strong hands-on experience with EDR/XDR platforms (e.g., SentinelOne, Microsoft Defender);
• Experience investigating real-world security incidents (endpoint, identity, email, cloud);
• Good understanding of Microsoft 365 security (Defender, Conditional Access, Secure Score);
• Experience working with vulnerability remediation and security recommendations;
• Strong analytical and investigative mindset;
• Ability to independently triage and move investigations forward;
• Strong communication skills (technical and client-facing);
• Ability to manage multiple priorities across different clients.
Preferred Qualifications:
• Experience in an MSP or multi-tenant SOC environment;
• Familiarity with Field Effect, dmarcian, ThreatLocker, or similar platforms;
• Experience working alongside MDR services (e.g., SentinelOne Vigilance);
• Understanding of email security (DMARC, SPF, DKIM);
• Exposure to penetration testing results and remediation workflows;
• Basic scripting or automation skills (PowerShell, Python);
• Understanding of common web security concepts (e.g., headers, TLS);
• Certifications such as Security+, CySA+, or equivalent (or willingness to pursue);
• Experience contributing to incident response processes or exercises.