XDR Engineer

Quorum Cyber Edinburgh United Kingdom Security Operations Centre (SOC)

Company Description

The XDR Engineer is responsible for the ongoing maintenance, analysis and management of client and QC technology that underpins our XDR Service. This primarily focuses on the Microsoft Defender suite – including Defender for Endpoint, Cloud Apps, Office 365, Identity and Cloud – but will expand to other Microsoft technologies as required. The service aims to deliver ongoing maintenance, security improvement, insights, and risk reduction for our customers via an integrated Defender and Azure Sentinel solution, alongside our Managed Detection and Response (MDR) service.

The XDR Engineer will report to the XDR Service Lead within Quorum Cyber’s Managed Services team and work closely alongside our Service Delivery, SOC, Threat Intelligence, Incident Response and Engineering teams. You will also work closely with the Solution Director for our MDR and XDR services.

Position

What I do is:

· Review, maintain and configure the Microsoft Defender Suite and Azure AD Identity Protection for customers, based on their business needs, threats and good practice.

· Follow change control processes in line with QC and Customer requirements.

· Ensure all tickets are managed and closed correctly.

· Onboard new customers – reviewing and configuring their technology to our defined baseline and working alongside our service delivery teams to ensure relevant processes such as change control are agreed. This may also include supporting rapid deployments / reviews of the Defender Suite for customers during incidents.

· Carry out regular daily, weekly, monthly checks as required – including health checks, review of secure score and any trends/changes in threat exposure or vulnerabilities.

· Review trends, changes in Customer’s Defender suite (e.g. threats, secure score), to proactively identify any potential improvements.

· Liaise with customers and internal teams as required to understand customer requirements and concerns and work out solutions for these.

· Work closely with SOC and TI to identify security improvements and configuration updates based on insights and trends from Customer’s alerts and incidents.

· Create reports and summaries for the service delivery teams and customer on improvements, recommendations, any changes to their security posture – again articulating why, and benefits.

· Proactively raise any ideas on improving or developing our XDR service to the XDR service lead and Solution Director for XDR.

· Keep XDR service delivery documentation up to date.

· Maintain and develop knowledge of Azure and Microsoft Defender Suite, and any other Azure or M365 technologies required.

Requirements

I know I have done a great job if:

· I receive good feedback on my delivery of the XDR service from my team and/or customers.

· I am delivering effective, efficient, and elegant engineering solutions appropriate for the customer.

· I receive good feedback from other teams around the business that I work with.

· I am fully engaged with the purpose of the service and am identifying improvements in line with QC’s vision.

· I am addressing issues that arise in the service in a timely and efficient manner

· I am fixing issues with repeatable and documented solutions

· I am always pushing the boundaries of what can be delivered to provide the best experience for the customer

· I am always striving to be one step ahead with security technologies and my own development

· I get great feedback from colleagues and customers for the quality of my work

· I provide pragmatic recommendations internally.

· I have applied logic as well as soft-skills to my work

· I have worked closely with my colleagues to improve our current methodologies

Other information

Required experience:

· Strong knowledge of the Microsoft Defender Suite and its configuration

· Knowledge of Azure Sentinel, Active Directory, Identity Protection and other products

· Understanding of cyber security threats

· Customer centricity

· Thinking clearly under pressure

· Analytical and problem solving skills, focusing on simplicity and Customer needs

· Focussed on detail

· Great communication, reporting and organisational skills

· Curious and innovative

· Great team player

· Ability to mentor and help develop others.


Desirable experience

· Experience of delivering managed XDR services

· Experience deploying the Defender suite.

· Experience with software packaging and deployment – SCCM / MECM / Intune

· Experience of Security Operations Center operations

· Microsoft Sentinel, Windows Server 2008 R2 to current and Microsoft applications 2008 R2 to current

· Amazon Web Services

· Linux / Unix

· Experience of scripting languages such as Python/PowerShell