What are we looking for?

We are looking for an experienced threat detection and response practitioner to serve as a trusted partner for our Managed Detection & Response (MDR) customers. You’ll work closely with your assigned customers throughout their journey, from initial onboarding through ongoing service delivery. You’ll leverage your expertise in threat detection and response to advise and support your customers on a wide range of topics, from endpoint protection to threat detection, incident response and recovery.

What will you do?

• Take full responsibility for the MDR service delivered to your assigned customers.
• Serve as a key member of the account team for all assigned customers, partnering with their Customer Success Manager, sales representative, and Technical Account Manager on all customer issues and initiatives.

• Initial engagement with assigned customers:
• Provide an overview of the MDR service, including service scope, deliverables, and standard operating procedures.
• Advise them on the configuration of the Singularity Platform (including endpoint protection policies and integrations with third party security technologies) to maximize the effectiveness of the MDR service.
• Partner with them on defining and configuring their MDR escalation and response policies.
• Document details about the customer’s environment, escalation procedures, or any other details that will assist the global MDR team in more effectively delivering our service.
• Regular ongoing engagement with assigned customers:
• Review MDR operational metrics, trends, and key findings.
• Brief customers on significant emerging threats, including actions that SentinelOne is taking to protect them, additional recommended actions for their team, and any specific findings in their environment.
• Discuss outstanding questions or issues.
• Review recommended corrective actions to improve the customer’s security posture and reduce risk.
• Lead or support additional customer briefings, meetings and on-site visits as required.
• Provide similar support to organizations evaluating SentinelOne MDR services during ‘Proof of Concept’ engagements (POCs).
• Stay closely connected with MDR operations and the threat landscape by working closely with MDR analysts, investigators, and engineers, including periodic ‘shadow days’ and rotations into these roles.
• Capture feedback from customers and prospects and share it with internal stakeholders to drive continuous service improvement.
• Represent SentinelOne MDR services at company events and conferences.

What experience and knowledge should you bring?

• Prior experience as a security operations practitioner, with a focus on one or more of the following areas: SOC operations, security monitoring, incident investigation and response, malware analysis, threat hunting, and threat intelligence.
• Strong background in security operations, incident response, or threat intelligence.
• A passion for cybersecurity, and an unwavering commitment to protecting your customers from cyber attacks. 
• An understanding of the current threat landscape, including widely used attacker TTPs and prominent threat actor groups.
• Outstanding written and verbal communication skills.
• Experience in handling complex customer escalations, effectively managing customer communications and collaborating with internal teams to drive issues to resolution.

Why us?

You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry.

• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Industry leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events including regular happy hours and team building events

As an experienced threat hunter, you will be tasked with delivering SentinelOne’s proactive threat hunting services to our Threat Hunting clients (including FedRAMP-authorized environments). You’ll build and maintain a high-quality library of hunts and rules across Windows, macOS, and Linux, with a strong emphasis on EDR telemetry (bonus if you know SentinelOne deeply). You’ll partner closely with MDR, Incident Response, Labs, and Detection Engineering to respond to emerging threats, convert research into actionable hunts, and communicate clearly with clients.

What will you do?

Threat Hunting & Hunt Library Ownership

• Design, implement, and continuously improve a structured library of hypothesis-driven hunts and reusable rules aligned with the ATT&CK framework.
• Execute proactive hunts across diverse telemetry (primarily EDR) to uncover malicious activity such as living-off-the-land techniques and stealthy persistence.
• Carry out all threat hunting activities in controlled FedRAMP environments.
• Translate findings into repeatable playbooks, automations, and platform-ready detections where applicable.

Emerging Threat Response

• Triage emerging threats (e.g. zero-days) and assess potential exposure.
• Build focused hunts and detections mapped to relevant TTPs, with clear rationale and validation steps.
• Produce concise, actionable client advisories explaining scope and potential impact of the emerging threat, recommended mitigations, and the steps being taken by SentinelOne to protect our customers.

Operational Partner Collaboration

• Partner with Detection Engineering, MDR, Labs, and CTI to evaluate and tune rules for fidelity and coverage.
• Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and when appropriate convert those into platform detections.

What experience or knowledge should you bring?

• 3+ years in security operations and/or adjacent disciplines (threat hunting, incident response, DFIR, malware analysis, SOC, or penetration testing).
• Strong familiarity with EDR telemetry (process, file, network, persistence)—SentinelOne experience is a plus.
• Proficiency with Python and Git/GitHub workflows (branches, PRs, code review); ability to turn hunt logic into robust, reusable code.
• Broad OS internals knowledge across Windows, Linux, and macOS.
• Applied CTI skills: consume and operationalize IOCs/TTPs; track actors/campaigns; pivot with OSINT to enrich hunts.
• Experience collaborating with cross-functional teams (MDR, IR, Labs, Detection Engineering) to cycle from research → hunt → detection → outcome.
• Clear, concise writing and reporting for client-facing communications (advisories, AARs, executive summaries), and comfort presenting technical analysis directly to clients when necessary.
• Familiarity with MITRE ATT&CK and mapping hunts to relevant techniques 
• U.S. citizenship required due to FedRAMP program requirements.

Why SentinelOne? 

AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.

We invest in our Sentinels with comprehensive, competitive benefits designed to support you and your family:

• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Leading Total Rewards including Restricted Stock Program 
• 16-weeks of gender-neutral parental leave
• Paid company holidays and sick time
• Flexible working hours 
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Internet/Mobile allowance
• Learning & development at every level for every function
• Opportunity to strengthen communities globally through our S Foundation 

What are we looking for?

The SentinelOne Wayfinder MDR Team Lead must demonstrate a solid understanding of security and security analysis concepts, specifically the service playbooks and best practices, and propose improvements as well as new playbooks and processes. The Team Lead is expected to serve as an escalation point for their direct reports on threats and escalations, as well as provide training and guidance to less experienced analysts in their respective fields of expertise.

What will you do?

• Lead, mentor, and empower your team of MDR analysts through regular 1:1s, providing prompt feedback, and fostering a high-performing culture.
• Own your team's operational performance by defining, tracking, and reporting on KPIs and service goals.
• Serve as the primary technical escalation point for your team, providing expert guidance during high-stress incidents.
• Lead customer-facing escalation calls with confidence, communicating complex findings to both technical and non-technical audiences.
• Collaborate and maintain good relationships across the Threat Detection and Response organization, as well as with teams outside of MDR (ex​: Product Management, Support, R&D) to improve the overall quality of the MDR service.
• Participate in the hiring and onboarding process for new analysts.
• Drive continuous improvement by enhancing playbooks, promoting knowledge sharing, and developing the team's capabilities.

What experience and knowledge should you bring?

• Experience: 3+ years of experience in a SOC, IR, MDR, or similar environment.
• Leadership: 1+ years of experience in a leadership, mentorship, or team lead role.
• Mindset: A leadership mindset that values learning, collaboration, and mentorship
• Technical Skills: Deep understanding of incident response workflows, EDR/XDR platforms (SentinelOne preferred), and attacker tactics (MITRE ATT&CK).
• Composure: Strong composure under pressure and the ability to lead decisively during high-pressure situations.
• Communication: Clear written and verbal communication skills with experience leading customer-facing escalations.

Language: Full professional fluency in English is required.

Why Us?

You will be joining a cutting-edge company where you will tackle extraordinary challenges and work with the very best in the industry.

• Flexible working hours and hybrid/remote work model with in-office lunch program
• Private medical care and life insurance
• Vacation days and paid sick time
• Global gender-neutral parental leave (16 weeks)
• Employee stock programs (RSUs + ESPP)
• Employee Assistance Program and Wellness Coach app
• Annual bonus program
• Home office setup and maintenance support
• Home phone/internet allowance
• High-end MacBook or Windows laptop
• Referral bonus program
• Professional development support, including LinkedIn Learning
• Company events and community activities

As a Customer Outcomes Strategy & Operations Intern, you will work closely with leaders across Product Management, Product Marketing, Customer Success, and Threat Services to support AI and automation initiatives, operational process improvements, and cross-team alignment efforts. This role will focus on helping streamline internal workflows, formalize documentation and processes, and track key strategic initiatives that improve customer outcomes and operational efficiency.

This role is ideal for someone looking to gain hands-on experience supporting the execution and tracking of cross-functional strategic initiatives. The intern will gain exposure to strategy execution within customer-facing organizations such as Customer Success and Threat Services, while also contributing to AI and automation initiatives designed to improve operational efficiency.

What Will You Do? 

Primary responsibilities include:

• Support the Customer Outcomes Strategy & Operations team in executing initiatives aimed at improving operational efficiency and customer outcomes across services and customer-facing teams
• Assist in identifying opportunities to leverage AI, automation, and improved workflows to streamline internal processes and scale team operations
• Partner with leaders across Customer Success, Professional Services, Threat Services, and Renewals to identify areas for process improvement and cross-team alignment
• Help standardize documentation and operational processes
• Provide support in tracking strategic initiatives, including maintaining project timelines, monitoring progress, and helping drive accountability for key milestones
• Assist with reporting and analysis on the success of initiatives, gathering insights that help teams understand impact and improve execution
• Help coordinate cross-functional efforts by facilitating follow-ups, organizing updates, and ensuring deadlines and deliverables remain on track
• Participate in strategy discussions, workshops, and operational planning sessions to contribute ideas for continuous improvement across the Customer Outcomes organization 

What Skills and Knowledge Should You Bring?

Ideal candidates will have:

• Strong organizational and project coordination skills, with the ability to manage multiple priorities and deadlines
• Strong interpersonal and communication skills with the ability to collaborate across different teams and levels of the organization
• Analytical mindset with the ability to identify operational challenges and propose practical solutions
• Interest in AI, automation, and operational optimization, particularly in how these technologies can improve team efficiency and scalability
• Experience or familiarity with modern LLM tools such as ChatGPT, Gemini, or similar AI tools, and curiosity about applying AI-driven solutions to business processes
• Strong attention to detail and an interest in process documentation, operational structure, and execution tracking
• Proactive and self-motivated with a strong desire to learn about strategy, operations, and customer-focused organizations

Why SentinelOne? 

AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.

Our global internship program trains the next-generation of cybersecurity talent across a range of specializations, from threat intelligence to information security, engineering and marketing. Interns can learn about the network security industry from leading thinkers, grow their professional networks, and be part of a career-defining experience including: 

• 1:1 mentorship
• The opportunity to expand your knowledge and work on challenging projects
• Training and Development opportunities 
• Connections to other recent grads, and employees across the company
• Leadership speaker series where you can learn about other areas of the business and ask questions to the senior leadership team and industry experts
• Fun events!