Trivandrum
Platform Analyst III - Cyber Security

Role Proficiency:

Provide support across SIEM or EDR technologies for global customers, ensuring the platforms are functioning as expected. Independently conduct checks and basic triage for global customers under minimal guidance from senior members of the team.

Outcomes:

Conduct health checks for one or more platform types, following guidance and escalating observed issues to a senior team member for review, so that problems are visible before they become incidents.
Assist with service requests for supported platform types, from access requests to more targeted requests for specific platform modules such as dashboard creation and query support.
Investigate larger issues, supporting internal and external stakeholders.
Assist with maintenance activities to improve understanding of the architecture of the supported platforms.
Build awareness of, and proficiency in, the supported toolsets.
Generate relevant reporting for the supported platforms on a regular basis to meet internal and external reporting requirements.
Follow the relevant in-life processes, tracking any escalation pipelines and pathways required to ensure consistency of the service provided to the customer.
Provide support and guidance to more junior members of the team, assisting with their development.

Measures of Outcomes:

Percent of adherence to processes and methodologies:
a. Percent of adherence to SLAs for in-life ticketing processes
b. Percent of adherence to workflows and the completeness of audit trails for any activities
Productivity score maintained:
a. Number of issues identified early that pinpoint problems with delivering tasks or workload
b. Number of escalations during triage supported by effective evidence
Number of relevant change documents reviewed on a regular basis, ensuring processes remain relevant for the broader team.
Number of relevant skill-related training and development activities undertaken, evidenced by certification.

Outputs Expected:

Platform Health Monitoring:

Support service requests and first-level incident support, and assist junior members of the team. Proactively identify issues through behavioural analysis and pattern recognition, with suggested resolutions. Conduct daily and regularly occurring service tasks with minimal supervision to ensure day-to-day operation of the supported platform.


Technical Expertise:

Develop and demonstrate understanding of, and experience with, a specific SIEM or EDR platform. Using that technology, identify and implement technical solutions to issues with queries, rules, dashboards and data feeds.


Customer Focus:

Ensure customer specific processes are being followed. Undertake mandatory and proactive learning and development opportunities.

Skill Examples:

Good communication skills. Willingness to undergo a background check/validation to ensure integrity. Aptitude for working with one or more SIEM or EDR technologies unsupervised. Capable of working as part of a shift. Ability to share knowledge with peers and juniors. Ability to work with data queries and an understanding of the role of a SIEM/EDR. Ability to demonstrate analytical skills working across multiple technologies and customers.

Additional Comments:

Microsoft E5.

Must-have skills:
Minimum 2+ years of hands-on experience with E5 implementation (MCAS, MDI, Office 365 and Purview).
In-depth knowledge of Microsoft 365, Azure and other components of the Microsoft E5 stack, with a strong understanding of security and compliance requirements.
Must know Office 365 threat policies.
Knowledge of the top five common IT compliance standards (NIST, PCI, GDPR, etc.).
3+ years of hands-on experience with MDE platform management at administrator level.
Experience creating custom detection rules.
Expertise in troubleshooting sensor and platform issues.
Experience with KQL.
Must have knowledge of identity-based attacks, honeytokens and sensitive tags.
Experience creating custom policies across the complete E3, E5 and A5 suites.
Knowledge of basic security automation.
Knowledge of integrating custom (non-Microsoft) data sources into MCAS and creating custom policies for them.
Fine-tuning false positives to the point where alert fatigue is minimised.
Fine-tuning default rules to suit the customer environment.
Familiarity with developing executive reports (daily, weekly and monthly).
Expertise in troubleshooting sensitivity labels and creating trainable classifiers.
Proficiency in configuring and customising Microsoft E5 products to align with specific business needs.
Must be willing to explore and learn independently.

Desirable skills:
Excellent problem-solving skills and attention to detail.
Strong communication skills and the ability to collaborate effectively with other teams.
Experience performing POA and POC exercises to test E5 solutions and functionality.
Knowledge of frameworks such as CIS and CSA.
Assist the team by offering training or knowledge transfers (KTs) as needed.
Knowledge of the MITRE ATT&CK and D3FEND frameworks and the cyber kill chain.
Proactively hunt for threats based on threat intelligence and APT TTPs.
Review and stay up to date on the latest cyber security threats and trends.
