Ensign is hiring!
Key Responsibilities:
- Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients.
- Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools.
- Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors.
- Execute containment, eradication, and recovery procedures using predefined runbooks and playbooks.
- Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents.
- Provide technical guidance, support, and mentoring to Tier 1 analysts.
- Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts.
- Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence.
- Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks.
- Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes.
- Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks.
- Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards.
- Participate in client-specific onboarding activities to ensure monitoring tools are correctly configured.
- Join incident review meetings and provide root cause analysis and post-incident reporting when required.
- Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks.
- Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements.
Requirements:
Education & Experience:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field—or equivalent work experience.
- 2–4 years of experience in a Security Operations Center or similar cybersecurity environment.
- Experience working in an MSSP or multi-tenant environment is highly desirable.
Technical Skills:
- Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Google SecOps).
- Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender, FireEye).
- Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR).
- Strong understanding of networking protocols, log analysis, and system administration (Windows/Linux).
- Knowledge of malware behaviors, phishing techniques, and MITRE ATT&CK framework.
- Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus.
- Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive).
Certifications (preferred):
- CompTIA Security+, CySA+, or equivalent.
- GIAC certifications (e.g., GCIH, GCIA, GCFA).
- CEH, or vendor-specific certifications (e.g., Microsoft SC-200, CrowdStrike CCFR).
Key Competencies:
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication—especially in client-facing documentation and briefings.
- Ability to handle multiple investigations and prioritize effectively under pressure.
- Customer-centric mindset with attention to SLA adherence and service quality.
- Collaborative, team-oriented, and proactive with continuous learning attitude.
Shift Expectations:
- Participation in shift rotations (24/7 support model, if applicable), including weekends and public holidays.
- On-call support may be required depending on client SLAs and incident severity.