The resource will be expected to expand into DRP – ZeroFox support as well.
We are looking for a hands-on SentinelOne Subject Matter Expert to augment one of our client’s cybersecurity team. This role is strictly operational, designed to offload critical endpoint maintenance and troubleshooting tasks from our internal SOC. You will act as the primary point of contact for endpoint health, driving issues to resolution with the vendor and ensuring our manufacturing and laboratory environments remain secure and operational.
SentinelOne Platform Administration:
Manage day-to-day operations of the SentinelOne management console, including agent upgrades, policy management, and hash blocking/allow-listing.
Configure and fine-tune exclusions to resolve performance conflicts with business-critical applications (e.g., proprietary manufacturing software).
Monitor and maintain agent health across a Windows-dominant environment, ensuring maximum coverage and compliance.
Incident & Technical Troubleshooting:
Investigate and resolve complex host issues (e.g., high CPU/memory utilization, software conflicts) attributed to the EDR agent.
Pull and analyze agent logs to determine root causes of performance degradations or security alerts.
Collaborate directly with business unit leads to minimize downtime in time-sensitive production environments.
Vendor Liaison & Ticket Management:
Own the technical relationship with SentinelOne Support; open, manage, and escalate tickets to resolution on behalf of the internal team.
Translate vendor technical feedback into actionable configuration changes for the environment.
SentinelOne Expertise: 3+ years of hands-on experience managing SentinelOne Singularity or similar enterprise EDR platforms. You must know the "ins and outs" of the console, not just how to view alerts.
OS Architecture: Deep understanding of Windows internals (processes, threads, registry, services) to effectively troubleshoot agent interference with the operating system.
Operational Discipline: Proven ability to work in a ticket-driven environment (e.g., Jira, ServiceNow), documenting root causes and resolution steps clearly.
Communication: Strong verbal and written communication skills to articulate technical risks to non-technical business stakeholders.
Preferred (Bonus) Skills:
Scripting & Automation: Proficiency in PowerShell or Python to automate log collection, agent deployment, or "Star Rule" creation for custom threat detection.
Forensic Basics: Familiarity with retrieving artifacts for deeper analysis (e.g., timeline analysis) during triage.
Cross-Platform Knowledge: While Windows is the priority, experience troubleshooting macOS or Linux endpoints is a plus.
Reduction in "Mean Time to Resolution" (MTTR) for EDR-related performance tickets.
Successful deployment of policy exclusions that balance security with business continuity.
Effective management of vendor support cases, preventing ticket stagnation.
Never miss an opportunity! Create an alert based on the job you applied for.
