- Monitor, triage, and investigate security alerts across platforms including SentinelOne (Vigilance), Field Effect Complete, Microsoft Defender, and ThreatLocker
- Correlate events across multiple tools to identify true positives and reduce noise
- Assist in response actions during security incidents (containment, isolation, remediation coordination)
- Participate in the full incident lifecycle, including investigation, response support, and post-incident documentation

Security Operations & Investigation
- Analyze endpoint, identity, and cloud activity to identify suspicious or malicious behavior
- Perform targeted investigations and deeper analysis when required
- Leverage available tools and data sources to validate alerts and determine impact
- Support continuous improvement of monitoring and response processes

Multi-Client SOC Delivery (MSP Environment)
- Manage and prioritize alerts, incidents, and security tasks across multiple client environments
- Ensure response timelines align with SLAs and client expectations
- Adapt investigations and recommendations based on client maturity and environment

Client Onboarding & Security Implementation
- Participate in onboarding and deployment of security platforms (SentinelOne, Field Effect, Defender, ThreatLocker, dmarcian)
- Configure and support Microsoft 365 security controls (Defender, Conditional Access, Secure Score improvements)
- Implement and validate security baselines across endpoint, identity, and cloud environments
- Maintain onboarding documentation and technical runbooks

Vulnerability Management & Remediation
- Review penetration test results and vulnerability findings
- Translate findings into clear, actionable remediation steps (e.g., legacy protocols, exposed services, misconfigurations)
- Coordinate with internal teams (NOC, Service Desk, Web, Cloud) to execute remediation
- Track and validate resolution of identified risks

Security Advisory & Client Engagement
- Provide practical security recommendations based on incidents, findings, and trends
- Support vCIOs and account managers with technical input for client discussions and QBRs
- Communicate risks and remediation steps to both technical and non-technical stakeholders
- Work with security vendors to review platform capabilities, updates, and best practices
- Identify opportunities to improve usage and effectiveness of deployed security tools
- Contribute to SOC playbooks, documentation, and service improvements

The candidate must have:
- 3–5+ years of experience in cybersecurity, SOC operations, or MSP technical roles
- Strong hands-on experience with EDR/XDR platforms (e.g., SentinelOne, Microsoft Defender)
- Experience investigating real-world security incidents (endpoint, identity, email, cloud)
- Good understanding of Microsoft 365 security (Defender, Conditional Access, Secure Score)
- Experience working with vulnerability remediation and security recommendations
- Strong analytical and investigative mindset
- Ability to independently triage and move investigations forward
- Strong communication skills (technical and client-facing)
- Ability to manage multiple priorities across different clients

Preferred Qualifications:
- Experience in an MSP or multi-tenant SOC environment
- Familiarity with Field Effect, dmarcian, ThreatLocker, or similar platforms
- Experience working alongside MDR services (e.g., SentinelOne Vigilance)
- Understanding of email security (DMARC, SPF, DKIM)
- Exposure to penetration testing results and remediation workflows
- Basic scripting or automation skills (PowerShell, Python)
- Understanding of common web security concepts (e.g., headers, TLS)
- Certifications such as Security+, CySA+, or equivalent (or willingness to pursue)
- Experience contributing to incident response processes or exercises
Security Analyst
FREY CONSULTING GROUP
Laval (administrative region)
Published 27 days ago