L2 EDR Administrator

3 - 5 Years

1 Opening

Bangalore

Role Proficiency:

Provide support across SIEM or EDR technologies for global customers; ensuring the platforms are functioning as expected. Independently conduct checks and basic triage for global customers under minimal guidance of senior members of the team.

Outcomes:

• Conduct Health checks for a single or multiple platform types following guidance and escalating issues observed escalating to a senior team member for review to ensure proper visibility of issues before they become incidents.

• Assist with service requests for platform types such as access requests as well as more targeted requests for specific modules on platform such as dashboard creation and query support. Investigation of larger issues supporting internal and external stakeholders.

• Provide assistance with maintenance activities to help with improving the understanding of architecture of supported platforms. Build a self awareness proficiency for supported toolsets.

• Generate relevant reporting as required for platforms being supported on a regular basis to help meet internal and external reporting requirements.

• Follow relevant in-life processes tracking any escalation pipelines and pathways required to ensure consistency of applications provided to the customer.

• Provide support and guidance to more junior members of the team assisting with their development.

Measures of Outcomes:

• Percent of adherence to processes and methodologiesa.Percent of adherence to SLAs for in life ticketing processesb.Percent of adherence to workflows and the completeness of audit trails for any activities

• Productivity score maintaineda.Number of issues identified early in pinpoint problems with delivering tasks or workload.b.Number of issues with effective evidence provided for escalations during triage.

• Number of relevant change documentation reviewed on a regular basis; ensuring processes remain relevant for the broader team.

• Number of relevant skill related training and development activities undertaken; evidenced by certification.

Outputs Expected:

Platform Health Monitoring:

• Support Service Requests and first level Incident support as well as assisting Junior Members.

• Proactive identification of issues
  
  with behavioural analysis/patterns identified
  
  with suggestions for resolutions.

• Conduct daily and regular occurring service tasks with minimal supervision to ensure daily operation of the platform supported.

Technical Expertise:

• Develop and demonstrate comprehension and experience in a specific SIEM or EDR platform

• Using technology
  
  identify and be able to implement technical solutions to issues with queries/rules/dashboards/data feeds

Customer Focus:

• Ensure customer specific processes are being followed.

• Undertake mandatory and proactive learning and development opportunities.

Skill Examples:

• Good communication skills

• Ability to be prepared to undertake background check/validation to ensure integrity.

• Aptitude in working with a/multiple SIEM or EDR technologies unsupervised.

• Capable in working as part of a shift

• Ability to share knowledge with peers and juniors

• Ability to work with querying data and the role of a SIEM/EDR

• Ability to demonstrate analytical skills working across multiple technologies and customers.

Knowledge Examples:

Knowledge Examples

• Good communication skills

• Ability to be prepared to undertake background check/validation to ensure integrity.

• Aptitude in working with a/multiple SIEM or EDR technologies unsupervised.

• Capable in working as part of a shift

• Ability to share knowledge with peers and juniors

• Ability to work with querying data and the role of a SIEM/EDR

• Ability to demonstrate analytical skills working across multiple technologies and customers.

Additional Comments:

Team is looking to hire a L2 EDR Administrator Candidate for this position should have a strong understanding and high technical skill in the Defender, CrowdStrike or SentinelOne any 2 EDR tool (SME Level) Provide the customer with clear and concise advice on how to improve their use of EDR Solution Providing well-thought-out and reliable direction to help customers integrate, deploy, and maintain the EDR Service. Supports Endpoint Detection and Response (EDR) applications from an operational capacity and ensures cyber security service availability for all endpoint (i.e. servers, desktops and laptops). Knowledgeable in the Windows environment, including Windows Servers and Workstation, troubleshooting, and diagnosing low-level operating systems and network issues. Should have hands-on experience on Linux machines and troubleshooting skills (Deploy and configure EDR sensors on Linux machines, Troubleshoot problems on Linux machines, Collect and analyse logs from Linux machines to investigate security incidents) Should have string understanding of ITIL processes and responsible to Manage & Maintain Change management activities for the customer (Schedules change requests and ensure availability of required resources, Communication on change preparation guideline to achieve internal customer confidence, Ensure the successful implementation of the change, review all changes for effectiveness and efficiency (after completion), defines list of pre-authorized changes) In addition to having strong communication and interpersonal skills, the candidate should also be able to adapt to different communication styles. This is because they will need to be able to communicate effectively with customers over a variety of channels. Candidate to have knowledge on at least one scripting language. Scripting languages can be used to automate many tasks, including generating reports, managing systems, and deploying software. This is especially important in this role, as the majority of the reports and manual tasks are being converted into an automated fashion. Should have administration knowledge and experience of more than 1 EDR solution (Defender, CrowdStrike or SentinelOne)"

Siem,xdr,Edr,Managed Security

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.