Security Operations Administrator

About The Position

Requirements

• 3+ years of experience in security administration, SOC operations, or security incident response
• Hands-on experience with Mimecast
• Hands-on experience with KnowBe4 / phishing remediation workflows
• Hands-on experience with Sophos EDR/XDR and Intercept X
• Hands-on experience with Microsoft 365 security and sign-in risk analysis
• Understanding of security incident response workflows
• Understanding of endpoint and network security concepts
• Understanding of identity and access management fundamentals
• Experience reviewing and analyzing security alerts and event data
• Strong documentation and communication skills
• Ability to work independently and manage daily operational responsibilities efficiently

Responsibilities

• Review and respond to security alerts and tickets generated from the client’s monitoring and security platforms
• Investigate and triage alerts related to: Endpoint security events, Email threats and phishing activity, Suspicious authentication attempts, Firewall and network security events
• Perform incident response activities including: Documentation, Initial remediation actions, Escalation and coordination, Post-mortem reporting
• Validate email and phishing-related incidents using Mimecast, KnowBe4 / PhishER / PhishRip workflows
• Monitor and respond to endpoint alerts within Sophos EDR/XDR, Sophos Intercept X Advanced
• Investigate identity and authentication alerts from Microsoft environments, including: Sign-in risk events, Suspicious token or authorization activity, IP/location anomalies
• Support security investigations involving Sophos firewall alerts, Fortinet networking environments, MFA and authentication platforms (including YubiKey environments)
• Coordinate with client help desk and infrastructure teams for remediation support and escalation handling
• Maintain accurate documentation of incidents, actions taken, and recommendations