SOC Resources with CrowdStrike EDR exp
  • Prudent Consulting
4 Hours Ago
NA
NA
Remote
10-12 Years
Required Skills: Crowdstrike EDR, Core security mechanisms in windows, Python, PowerShell, DNS Security, Cisco Umbrella, Palo Alto firewalls, General network security principles, Zabbix, ELK, Vulnerability management workflows, Tanium and manual patching, software remediation, SSO, SAML
Job Description
SUMMARY
  • Client is seeking four contract Security Analysts to restore full 24x7 Security Operations Center (SOC) coverage through the end of 2025. This is a temporary, operational support engagement designed to sustain the security function during the transition period following ’s acquisition, until integration into infrastructure is complete. These analysts will be responsible for core SOC functions, with a strong focus on Incident Response—including detection, triage, containment, remediation, and post-incident reporting. Candidates must be capable of managing incidents end-to-end and interfacing with both internal and external stakeholders as needed.
  • Beyond incident response, the role includes contributing to day-to-day security administration across systems such as CrowdStrike, Microsoft Entra, Duo, and Cisco Umbrella. Analysts are expected to identify and act on opportunities to improve the overall security posture. All four resources will report into the SOC and be functionally managed. Strong communication skills, the ability to work independently, and a proactive mindset are essential.
 
JOB LEVEL AND EXPERIENCE
  • All four should be Mid-Level Analysts, capable of operating with moderate oversight and executing core SOC functions effectively.
  • Ideally, our preference would be for one of them to be a Senior Analyst who can act as a lead, a technical escalation point for the other three and can fully manage incidents end-to-end.  However, due to the time constraints we recognize that this may not be possible.
 
KEY RESPONSIBILITIES
All analysts will be expected to:
  • Monitor, triage, and respond to security alerts.
  • Lead or assist with incident management from detection through resolution.
  • Conduct post-incident analysis and create clear, professional incident reports and postmortems.
  • Investigate anomalies and suspicious behavior (e.g., login anomalies, access violations).
  • Interface with external teams during live incidents, including on calls.
  • Handle patch and vulnerability remediation, especially for gaps not covered by automated tools.
 
REQUIRED SKILL SET
CrowdStrike EDR: Investigation, alert triage, threat hunting.
Core Security Mechanisms in Windows: The IT environment is primarily windows. Candidates should have functional knowledge of core windows security mechanisms.
  • Security Principals and Security Identifiers
  • Access Tokens
  • Security Descriptors, DACLS/Discretionary Access Control, Access Control Entries (ACEs)
  • Windows Privileges
  • Kerberos and NTLM
OS & Core Platform Skills:
  • Windows security administration.
  • Linux OS security administration. This is a much small part of the environment and less critical. Basic Linux skills are sufficient.
  • Basic scripting or automation skills (e.g., PowerShell, Python).
Network & Identity:
  • Microsoft Entra ID (formerly Azure AD), including role-based access, MFA, SSO troubleshooting.
  • Familiarity with Cisco Duo or Microsoft MFA systems.
  • Basic knowledge of SSO (SAML) and troubleshooting auth integrations.
Soft Skills:
  • Strong communication skills, especially for status updates and external stakeholder interactions.
  • Ability to work independently and write concise, high-quality documentation.
  • Familiarity with incident coordination, ideally as part of a CSIRT/SOC function.
 
DESIRED SKILLS
  • DNS Security, preferably Cisco Umbrella.
  • Familiarity with Palo Alto firewalls and general network security principles.
  • Experience with log aggregation and monitoring platforms (e.g., Zabbix, ELK).
  • Experience with vulnerability management workflows.
  • Familiarity with Tanium and manual patching or software remediation.
 
ENGAGEMENT DETAILS
Start Date: As soon as possible.
Coverage Goal: True 24x7 SOC coverage
Scheduling Flexibility:
  • Initially aligned to New York business hours.
  • Resources will gradually be rotated into evening/weekend shifts based on gaps.
  • Onboarding can be staggered
Apply for job
Similar Jobs
Senior Security Engineer
CyberArk Remediation
CyberArk Certified Delivery Engineer
Technical Support Specialist

Jobseeker

Looking For Job?
Search Jobs

Recruiter

Are You Recruiting?
Search Candidates