Security Operations Administrator

Position Overview

MetroSys is seeking a dependable and detail-oriented Security Operations Administrator for a short-term contract engagement supporting a client’s security monitoring and response operations. This role is responsible for reviewing, triaging, documenting, and responding to alerts generated across the client’s security platforms and infrastructure environment.

The ideal candidate has hands-on experience with endpoint security, email security, identity-related alerts, and incident response workflows, and can work independently while coordinating with help desk and infrastructure teams as needed.

This role is structured around a daily operational review window (~2 hours per day) while supporting a 24/7 alerting environment.

Key Responsibilities

• Review and respond to security alerts and tickets generated from the client’s monitoring and security platforms
• Investigate and triage alerts related to:
  • Endpoint security events
  • Email threats and phishing activity
  • Suspicious authentication attempts
  • Firewall and network security events
• Perform incident response activities including:
  • Documentation
  • Initial remediation actions
  • Escalation and coordination
  • Post-mortem reporting
• Validate email and phishing-related incidents using:
  • Mimecast
  • KnowBe4 / PhishER / PhishRip workflows
• Monitor and respond to endpoint alerts within:
  • Sophos EDR/XDR
  • Sophos Intercept X Advanced
• Investigate identity and authentication alerts from Microsoft environments, including:
  • Sign-in risk events
  • Suspicious token or authorization activity
  • IP/location anomalies
• Support security investigations involving:
  • Sophos firewall alerts
  • Fortinet networking environments
  • MFA and authentication platforms (including YubiKey environments)
• Coordinate with client help desk and infrastructure teams for remediation support and escalation handling
• Maintain accurate documentation of incidents, actions taken, and recommendations

Required Qualifications

• 3+ years of experience in security administration, SOC operations, or security incident response
• Hands-on experience with:
  • Mimecast
  • KnowBe4 / phishing remediation workflows
  • Sophos EDR/XDR and Intercept X
  • Microsoft 365 security and sign-in risk analysis
• Understanding of:
  • Security incident response workflows
  • Endpoint and network security concepts
  • Identity and access management fundamentals
• Experience reviewing and analyzing security alerts and event data
• Strong documentation and communication skills
• Ability to work independently and manage daily operational responsibilities efficiently