Experience: 8 to 10 years
Role Overview:
We are looking for a hands-on SentinelOne Subject Matter Expert to augment the cybersecurity team of one of our clients. This role is strictly operational, designed to offload critical endpoint maintenance and troubleshooting tasks from our internal SOC. You will act as the primary point of contact for endpoint health, driving issues to resolution with the vendor and ensuring our manufacturing and laboratory environments remain secure and operational.
The resource will also be expected to expand into DRP (ZeroFox) support.
Key Responsibilities
SentinelOne Platform Administration:
Manage day-to-day operations of the SentinelOne management console, including agent upgrades, policy management, and hash blocking/allow-listing.
Configure and fine-tune exclusions to resolve performance conflicts with business-critical applications (e.g., proprietary manufacturing software).
Monitor and maintain agent health across a Windows-dominant environment, ensuring maximum coverage and compliance.
Incident & Technical Troubleshooting:
Investigate and resolve complex host issues (e.g., high CPU/memory utilization, software conflicts) attributed to the EDR agent.
Pull and analyze agent logs to determine root causes of performance degradations or security alerts.
Collaborate directly with business unit leads to minimize downtime in time-sensitive production environments.
Vendor Liaison & Ticket Management:
Own the technical relationship with SentinelOne Support; open, manage, and escalate tickets to resolution on behalf of the internal team.
Translate vendor technical feedback into actionable configuration changes for the environment.
Required Qualifications
SentinelOne Expertise: 3+ years of hands-on experience managing SentinelOne Singularity or similar enterprise EDR platforms. You must know the console in depth (policies, exclusions, agent management), not just how to view alerts.
OS Architecture: Deep understanding of Windows internals (processes, threads, registry, services) to effectively troubleshoot agent interference with the operating system.
Operational Discipline: Proven ability to work in a ticket-driven environment (e.g., Jira, ServiceNow), documenting root causes and resolution steps clearly.
Communication: Strong verbal and written communication skills to articulate technical risks to non-technical business stakeholders.
Preferred (Bonus) Skills
Scripting & Automation: Proficiency in PowerShell or Python to automate log collection, agent deployment, or Star Rule creation for custom threat detection.
Forensic Basics: Familiarity with retrieving artifacts for deeper analysis (e.g., timeline analysis) during triage.
Cross-Platform Knowledge: While Windows is the priority, experience troubleshooting macOS or Linux endpoints is a plus.
Success Metrics
Reduction in Mean Time to Resolution (MTTR) for EDR-related performance tickets.
Successful deployment of policy exclusions that balance security with business continuity.
Effective management of vendor support cases, preventing ticket stagnation.