Ensure full coverage of the technology estate (servers and workstations), making sure endpoint protection agents are installed, up to date, and correctly reporting to their management consoles (Microsoft Defender for Endpoint and SentinelOne);
Continuously tune security policies and antivirus exclusions to reduce false positives while preserving the performance of critical applications, keeping exclusions as narrow and as well documented as possible;
Triage and perform technical analysis of security alerts (malware/infections), ensuring rapid containment, remediation, and restoration of affected assets to a known-good state;
Monitor and remediate non-compliant devices so that the whole environment meets the defined compliance baseline;
Provide advanced technical support to the level 2 (N2) team and work collaboratively with engineering, support, and infrastructure teams to contribute to service continuity and evolution;
Conduct proactive threat hunting with KQL queries to identify indicators of compromise (IoCs) that automated detections have missed;
Identify operating system vulnerabilities using tools such as Intune and the security consoles, ensuring timely application of patches and critical updates.
Requirements
Required qualifications
Bachelor's degree in Information Technology, Information Security, or a related field;
Basic English for technical reading;
Experience managing antivirus and EDR solutions, including administration and tuning of Microsoft Defender for Endpoint and SentinelOne consoles;
Knowledge of network microsegmentation, using tools such as Guardicore for traffic control and threat isolation;
Proficiency in device management using Microsoft Intune, including applying security policies, compliance settings, and endpoint protection;
Knowledge of technical security analysis, using KQL to investigate alerts and search for indicators of compromise;
Experience in vulnerability management, including identifying risks and applying security patches to operating systems.
Desired qualifications
Familiarity with incident response automation, including creating and maintaining playbooks that trigger automated response actions from alerts;
Experience with PowerShell automation, focused on mass remediation and streamlining of operational activities.