Job Description:
Experience with the following scripting tools: Python, Json, Powershell and Bash.
Responsibilities:
- – Collaborate with the Sales team to discuss customer requirements and success criteria to deliver.
- – Install, configure, and deploy endpoint agents, network sensors, and other components of the XDR solution.
- – Integrate XDR with customer SaaS applications, APIs and leverage XDR to deliver customer requirements.
- – Analyse security alerts and build investigations.
- – Manage the team and assign respective tasks and lead the incident investigation in case of critical incidents.
- – Single point of contact for customers during the PoC deployment and testing process.
- – Maintain documentation related to the deployment and configuration of XDR.
- – Have regular calls with the customer to initiate the PoC, provide regular updates and a conclusion call.
- – Collaborate with Product Engineering on new capabilities and configuration options.
- – Analyze and identify areas of improvement with management and related operations processes, procedures, and documentation.
- – Understand the current Cybersecurity Platform application infrastructure.
- – Continuously learn and stay up-to-date on the latest technologies, tools, and methodologies related to XDR and endpoint/network security.
Qualifications:
- – Excellent communication skills and proficiency in English.
- – Solid presentation skills.
- – Hands-on admin experience with automation integrations with for example ITSM’s such as ServiceNow and Zendesk; Pagerduty; Atlassian products and others.
- – Effective troubleshooting mindset and problem-solving skills to resolve system, script and functional errors.
- – Hands-on experience with EDR and/or AI based Next Generation AV solutions (EPP).
- – Experience with leveraging threat intelligence.
- – Security event and alert analysis.
- – Incident investigations and response.
- – Running custom search queries and creating suppression rules.
- – Threat Hunting.
- – Experience with commonly used cloud services (VPC, EC2, S3, Azure Compute and Firewall).
- – SaaS API integrations (Crowdstrike, SentinelOne, Office 365, OKTA).
- – Log integrations (VPC flow logs, Azure Eventhub).
- – Containers and Serverless Computing.
- – Setting up SOAR integrations with 3rd party platforms (e.g. PagerDuty, ServiceNow, Microsoft Teams).
- – Endpoint Agent deployment.
- – Firewalls integrations (Palo Alto, ASA, Check Point, Sophos XG, etc).
- – Configuring log forwarding for other common security controls (e.g. IDS, AD, Proxies, etc.).
- – Administration of Windows, Linux and Mac.
- – TCP/IP networking and routing.
- – Understanding of cyber security attacks, threat actor behavior and objectives and penetration testing tools.
- – Experience with configuring and maintaining cloud-native applications.
- – Experience with Microsoft O365 management.
- – Knowledge of enterprise logging for OS, applications & various security technologies.
