Reviews alerts generated by SentinelOne and implements appropriate containment and mitigation measures
Analyzes payloads using JoeSandbox and escalates to the appropriate team as necessary
Collaborates with the Forensics team to conduct threat hunting using identified Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs)
Assists the Tiger Team in targeted collections of systems based on identified malicious activities in the client's environment
Conducts historical log reviews to support threat hunting efforts and ensures all malicious artifacts are mitigated in the SentinelOne console
Examines client-provided documents and files to supplement the SOC investigation and mitigation strategy
Conducts perimeter scans of client infrastructure and reports any identified vulnerabilities to the Tiger Team for appropriate escalation
Manages client-related tasks within the ConnectWise Manage ticketing system as part of the Client Handling Lifecycle
Creates user accounts in SentinelOne console for the client
Generates Threat Reports showcasing activity observed within the SentinelOne product
Executes passphrase exports as needed for client offboarding
Submits legacy installer requests to ensure the team is properly equipped for deployment
Provides timely alert notifications to the IR team of any malicious activity impacting our clients
Assists with uninstalling/migrating SentinelOne
Generates Ranger reports to provide needed visibility into client environments
Manages and organizes client assets (multi-site and multi-group accounts)
Applies appropriate interoperability exclusions relating to SentinelOne and client applications
Performs SentinelOne installation / interoperability troubleshooting as needed
Contributes to the overall documentation of SOC processes and procedures
Participates in Handler on Duty (HOD) shifts as assigned to support the TT client matters
Internally escalates support tickets / alerts to Tier II-IV Analysts as needed
May perform other duties as assigned by management
SKILLS AND KNOWLEDGE
Demonstrated knowledge of Windows and Unix operating systems
Thorough understanding of Digital Forensics and Incident Response practices
Proficiency in advanced analysis techniques for processing and reviewing large datasets in various formats
Familiarity with TCP/IP and OSI Model concepts at a basic level
Expertise in the Incident Response Life Cycle stages (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned)
Working knowledge of the MITRE ATT&CK framework at an intermediate level
Proven ability to work independently and solve complex problems with little direction from management
Highly detail-oriented and committed to producing quality work
JOB REQUIREMENTS
Associate's degree and 6+ years of IT-related experience, or Bachelor's degree and 2-5 years of related experience
Current or previous experience with Endpoint Detection and Response (EDR) toolsets
General knowledge of the Incident Handling Lifecycle
Ability to communicate in both technical and non-technical terms, both orally and in writing