Security Operations Engineer

March 18

Apply Now

Receive Emails with Similar Jobs

ConnectOS

WebsiteLinkedInAll Job Openings

ConnectOS is a leading provider of offshore talent for organisations in Australia, New Zealand, the US, Canada and the UK. For over a decade, we’ve been supporting our global clients with premium resourcing and productivity solutions.ConnectOS is one of the fastest-growing offshoring companies in the world. Founded by our Australian CEO, we help companies across a range of industries activate their capability strategies and optimise their business operations with smarter ways to solve resourcing challenges. Our vibrant, modern work environments achieve high levels of employee engagement: happy, healthy, committed people who love what they do. ConnectOS Team HQ is located at Mega Tower, EDSA in the heart of Manila, Philippines. Our Client Support HQ is based in Melbourne, Australia.

1001 - 5000 employees

📋 Description

• Schedule: Monday- Friday (08:30 AM - 05:00 PM AEST) • Provide 2nd-level technical support for Microsoft Defender, Microsoft Sentinel, and CrowdStrike within agreed SLA agreements • Monitor, investigate, and respond to security incidents using Microsoft Sentinel SIEM, Defender for Endpoint, and CrowdStrike EDR/XDR • Adhere to Incident Response, Threat Management, Security Operations, Problem, and Change Management processes aligned with ITIL and security frameworks (ASD Essential 8, NIST, MITRE ATT&CK) • Proactively hunt for threats and perform security investigations by analyzing logs, alerts, and endpoint telemetry data from Microsoft Defender, Sentinel, and CrowdStrike Falcon. • Configure, manage, and fine-tune security tools, including Microsoft Defender for Endpoint, Defender for Office 365, Sentinel (SIEM/SOAR), and CrowdStrike EDR/XDR. • Support SIEM rule tuning, automation (KQL, Logic Apps), and dashboard creation to enhance SOC efficiency, and perform vulnerability scanning and management using Rapid7, Tenable, or Qualys, ensuring remediation actions are tracked and implemented • Create and maintain technical documentation for customer security environments, including runbooks, playbooks, and incident response procedures, and provide escalated support from Service Desk (NOC/SOC Level 1) teams and assist in resolving security-related issues for enterprise customers. • Participate in on-call rotations for after-hours incident response, threat escalations, and SOC monitoring. • Conduct periodic customer meetings, presentations, and security posture reviews to provide insights into threat landscape, incident trends, and security improvements

🎯 Requirements

• Appropriate Tertiary qualifications in Cybersecurity, IT, or a related field (Computer Science, Information Security, or equivalent) • Hands-on expertise in Microsoft Security Solutions, including but not limited to: Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365, Microsoft Sentinel (SIEM/SOAR) – Log ingestion, rule tuning, automation (Logic Apps/KQL queries), CrowdStrike Falcon Endpoint Protection – EDR/XDR, Threat Hunting, and Response, Identity & Access Management (IAM) – Microsoft Entra (Azure AD), CyberArk, Privileged Access Management (PAM) • Experience with Security Awareness and Phishing Simulation tools like KnowBe4, Mimecast, and Application Whitelisting solutions such as Airlock and Microsoft Defender Application Control and strong understanding of ASD Essential 8, NIST, CIS Controls, MITRE ATT&CK, or other security frameworks • Hands-on experience in: Security Monitoring, Threat Intelligence, and Threat Hunting, Incident Response & Digital Forensics – analyzing logs, investigating security incidents, and containing threats, Driving Vulnerability Management Programs for enterprise customers and experience with network and cloud security, including Azure Security Center, Azure Firewall, and Microsoft 365 Security Compliance, and Security solutions implementation and operational experience, particularly in a Microsoft security ecosystem • Microsoft Security Certifications (e.g., SC-200: Microsoft Security Operations Analyst, SC-400: Microsoft Information Protection Administrator) • CrowdStrike Falcon Certification (e.g., CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR)) • SIEM/SOAR Certifications (e.g., Microsoft Sentinel, Splunk Certified SOC Analyst, QRadar Security Analyst • CompTIA Security+ (or equivalent foundational cybersecurity certification) • ISC2 CC (Certified in Cybersecurity) • GIAC Security Operations Certified (GSOC) • Certified SOC Analyst (CSA) – EC-Council

🏖️ Benefits

• WFH • Medical, Dental Coverage and Life insurance • Paid Vacation and Sick Leave (with Quarterly Sick Leave Conversion) • Competitive salary package and annual appraisal • Financial Assistance Program • Mandatory Government Benefits and 13th Month Pay • Regular Company Events, Work Life Balance, and Career growth opportunities