Senior Cybersecurity Engineer / SentinelOne Practice Lead

About LetterNine

LetterNine is a growing managed service provider focused on helping businesses simplify IT, strengthen security, and operate with confidence. As a direct SentinelOne partner, we are expanding our cybersecurity practice and looking for an experienced cybersecurity professional to help lead that growth.

This role is ideal for someone who has deep hands-on experience with SentinelOne, understands the MSP/MSSP service model, and wants to help build a cybersecurity program from the ground up.

Position Summary

The Senior Cybersecurity Engineer / SentinelOne Practice Lead will serve as LetterNine’s internal subject matter expert for SentinelOne and related cybersecurity services. This person will be responsible for designing, implementing, managing, and continuously improving SentinelOne environments across our client base.

This role will also help shape the future of LetterNine’s cybersecurity team, including service offerings, client onboarding standards, incident response processes, security playbooks, documentation, technician training, and long-term cyber strategy.

The ideal candidate has extensive experience with SentinelOne Singularity, strong incident response and threat hunting skills, and a proven ability to work with clients in a fast-paced MSP or MSSP environment.

Key ResponsibilitiesSentinelOne Platform Ownership

• Serve as the primary technical lead for SentinelOne across LetterNine’s client base.
• Design, deploy, configure, and manage SentinelOne Singularity environments.
• Build and maintain standardized SentinelOne policies, exclusions, groups, alerting rules, and response workflows.
• Manage endpoint protection, EDR, XDR, MDR, identity protection, cloud security, AI SIEM, and related SentinelOne services as applicable.
• Review and tune SentinelOne detections to reduce false positives while maintaining strong security coverage.
• Assist with onboarding new clients into SentinelOne and ensuring proper deployment, visibility, and protection.
• Work directly with SentinelOne partner resources to stay current on new features, roadmap items, licensing changes, and best practices.

Incident Response and Threat Hunting

• Lead investigation and response for security alerts, suspicious activity, malware events, account compromise indicators, and endpoint incidents.
• Perform threat hunting using SentinelOne and other security tools.
• Analyze suspicious files, scripts, PowerShell activity, lateral movement indicators, persistence mechanisms, and endpoint telemetry.
• Coordinate remediation steps, including isolation, rollback, quarantine, kill, account resets, persistence removal, and post-incident hardening.
• Produce clear incident reports for clients and internal stakeholders.
• Help develop formal incident response playbooks and escalation procedures.

Cybersecurity Practice Development

• Help build LetterNine’s cybersecurity service offerings around SentinelOne and the broader security stack.
• Create standards for client security onboarding, baseline hardening, monthly security reviews, and ongoing cyber hygiene.
• Develop repeatable processes for EDR deployment, MDR escalation, SIEM review, vulnerability follow-up, and security policy enforcement.
• Help define what should be included in LetterNine’s cybersecurity packages and how services should be delivered.
• Mentor help desk and systems engineers on cybersecurity fundamentals, alert triage, and SentinelOne best practices.
• Assist leadership with building a long-term roadmap for the cybersecurity team.

Client-Facing Responsibilities

• Act as a trusted cybersecurity advisor for clients.
• Join client meetings to explain security findings, SentinelOne recommendations, incident response outcomes, and risk reduction strategies.
• Help prepare executive-friendly cybersecurity reports, recommendations, and remediation plans.
• Assist with security assessments, cyber insurance questionnaires, compliance requests, and vendor security reviews.
• Communicate technical issues in a clear, professional, and business-friendly way.

Documentation and Process

• Create and maintain internal runbooks, response procedures, SentinelOne deployment guides, and troubleshooting documentation.
• Document client-specific SentinelOne configurations, exclusions, policies, and escalation contacts.
• Build repeatable workflows for alert handling, incident response, reporting, and client communication.
• Work within LetterNine’s PSA, RMM, documentation, and ticketing systems.

Required Qualifications

• 5+ years of hands-on cybersecurity experience.
• Strong hands-on experience with SentinelOne Singularity, including deployment, policy management, detection review, endpoint isolation, remediation, rollback, exclusions, and incident investigation.
• Experience working in an MSP, MSSP, SOC, incident response, or client-facing cybersecurity role.
• Strong understanding of endpoint security, EDR, XDR, malware analysis, threat hunting, identity-based attacks, phishing, credential compromise, lateral movement, and persistence techniques.
• Experience investigating Windows endpoint activity, PowerShell abuse, suspicious scripts, unauthorized remote access tools, and malicious process behavior.
• Strong understanding of Microsoft 365 security concepts, including Entra ID, MFA, conditional access, audit logs, email security, and account compromise response.
• Ability to communicate clearly with both technical and non-technical audiences.
• Strong documentation skills.
• Ability to work independently and help build structure where it does not yet exist.

SentinelOne Certification Requirements

The ideal candidate should hold active SentinelOne certifications, including:

• SentinelOne Palladium certification or equivalent advanced SentinelOne certification.
• SentinelOne technical certifications related to Singularity Endpoint, XDR, Identity, Cloud, AI SIEM, or Incident Response.
• SentinelOne partner, administrator, or engineer-level training through SentinelOne University.

Candidates without Palladium certification may still be considered if they have extensive real-world SentinelOne experience and are willing to obtain required SentinelOne certifications within an agreed-upon timeframe.

Preferred Qualifications

• Experience with SentinelOne MDR or managing escalations with a managed detection and response provider.
• Experience with SentinelOne Singularity Identity.
• Experience with SentinelOne AI SIEM, Security Data Lake, Purple AI, or XDR workflows.
• Experience with Microsoft Defender, Microsoft Purview, Microsoft Sentinel, Huntress, CrowdStrike, Sophos, Fortinet, Check Point, Proofpoint, Mimecast, or similar security platforms.
• Experience building cybersecurity services inside an MSP or MSSP.
• Experience with compliance frameworks such as CIS Controls, NIST CSF, HIPAA, FTC Safeguards, SOC 2, or cyber insurance security requirements.
• Experience creating client-facing cybersecurity reports and executive summaries.
• Experience training internal technical teams.
• Relevant industry certifications such as CISSP, GCIH, GCIA, GCFA, CySA+, Security+, CEH, or similar.

Key Traits

• Builder mindset.
• Strong technical curiosity.
• Calm under pressure during incidents.
• Comfortable working directly with clients.
• Strong sense of ownership.
• Able to translate technical risk into business impact.
• Process-oriented, but practical.
• Willing to teach and mentor others.
• Excited to help grow a cybersecurity practice.

Success in This Role Looks Like

Within the first 90 days, this person will:

• Take ownership of LetterNine’s SentinelOne environments and partner resources.
• Review and improve current SentinelOne policies, groups, exclusions, and alert workflows.
• Build an internal SentinelOne deployment and management standard.
• Create an incident response workflow for SentinelOne alerts.
• Help train the technical team on alert triage and escalation.
• Identify opportunities to expand LetterNine’s cybersecurity service offerings.

Within the first year, this person will:

• Help establish LetterNine’s cybersecurity team structure.
• Build repeatable cybersecurity service packages.
• Improve client security reporting and executive communication.
• Lead advanced incident response and threat hunting efforts.
• Serve as LetterNine’s primary SentinelOne technical authority.
• Help grow cybersecurity revenue and client security maturity.

Pay: From $90,000.00 per year

Benefits:

• 401(k) matching
• Dental insurance
• Health insurance
• Life insurance
• Paid time off
• Retirement plan
• Vision insurance

Work Location: In person