Security Operations Administrator
Position Overview MetroSys is seeking a dependable and detail-oriented Security Operations Administrator for a short-term contract engagement supporting a client’s security monitoring and response operations. This role is responsible for reviewing, triaging, documenting, and responding to alerts generated across the client’s security platforms and infrastructure environment. The ideal candidate has hands-on experience with endpoint security, email security, identity-related alerts, and incident response workflows, and can work independently while coordinating with help desk and infrastructure teams as needed. This role is structured around a daily operational review window (~2 hours per day) while supporting a 24/7 alerting environment.
Key Responsibilities
Review and respond to security alerts and tickets generated from the client’s monitoring and security platforms Investigate and triage alerts related to:Endpoint security events Email threats and phishing activity Suspicious authentication attempts Firewall and network security events Perform incident response activities including:Documentation Initial remediation actions Escalation and coordination Post-mortem reporting Validate email and phishing-related incidents using:Mimecast KnowBe4 / PhishER / PhishRip workflows Monitor and respond to endpoint alerts within:Sophos EDR/XDR Sophos Intercept X Advanced Investigate identity and authentication alerts from Microsoft environments, including:Sign-in risk events Suspicious token or authorization activity IP/location anomalies Support security investigations involving:Sophos firewall alerts Fortinet networking environments MFA and authentication platforms (including YubiKey environments) Coordinate with client help desk and infrastructure teams for remediation support and escalation handling Maintain accurate documentation of incidents, actions taken, and recommendations Required Qualifications 3+ years of experience in security administration, SOC operations, or security incident response Hands-on experience with:Mimecast KnowBe4 / phishing remediation workflows Sophos EDR/XDR and Intercept X Microsoft 365 security and sign-in risk analysis Understanding of:Security incident response workflows Endpoint and network security concepts Identity and access management fundamentals Experience reviewing and analyzing security alerts and event data Strong documentation and communication skills Ability to work independently and manage daily operational responsibilities efficiently Apply To This Job