Ensign is hiring!
Key Responsibilities:
- Lead investigation and incident response activities for high-severity or complex security incidents across multiple clients.
- Act as final escalation point for incidents unresolved by Tier 1 and Tier 2 analysts.
- Conduct advanced forensic analysis of logs, network traffic, endpoints, and malware to identify root cause and scope.
- Perform proactive threat hunting based on current threat intelligence, TTPs (MITRE ATT&CK), IOCs, and anomalous behavior.
- Develop and refine detection logic, SIEM correlation rules, and EDR/NDR signatures to enhance SOC effectiveness.
- Support incident containment, eradication, and recovery efforts across diverse client environments.
- Collaborate with Threat Intelligence, Engineering, and IR teams to improve tools, data sources, and workflows.
- Identify gaps in an organization’s measurement metrics, telemetry, and logging capabilities and propose enhancement strategies to achieve the intended outcomes.
- Provide technical leadership and mentorship to junior analysts, supporting their skill development and analysis quality.
- Conduct post-incident reviews and create root cause analysis (RCA) and after-action reports for clients.
- Contribute to playbook creation, tuning, and automation efforts, particularly within SOAR platforms.
- Interface with client security teams, IT teams, and executives to communicate investigation findings, remediation guidance, and strategic improvements.
- Ensure SOC processes align with industry frameworks (e.g., NIST, ISO 27001) and client-specific regulatory requirements (e.g., HIPAA, PCI-DSS).
- Lead purple team exercises or internal red vs. blue simulations to test detection coverage and SOC readiness.
Requirements:
Education & Experience:
- Bachelor’s degree in Cybersecurity, Computer Science, or related discipline (or equivalent hands-on experience).
- 4+ years of experience in a SOC or cybersecurity operations role, including experience with incident response and threat hunting.
- Prior experience in an MSSP or multi-tenant SOC environment is strongly preferred.
Technical Skills:
- Deep expertise in security tools: SIEM (e.g., Splunk, MS Sentinel, QRadar, Google SecOps, Devo), EDR (e.g., CrowdStrike, SentinelOne), NDR, SOAR.
- Strong understanding of malware behavior, exploit techniques, persistence mechanisms, and attack chains.
- Advanced knowledge of operating systems (Windows/Linux), networking, firewalls, and cloud security (e.g., Azure, AWS).
- Familiarity with threat modeling, ATT&CK framework, cyber kill chain, and detection engineering.
- Experience with scripting and automation (e.g., Python, Bash, PowerShell) to improve SOC efficiency.
Certifications (preferred):
- GIAC certifications (e.g., GCIH, GCFA, GCIA, GDAT, GNFA)
- Offensive Security (OSCP) or equivalent
- CompTIA CASP+, CySA+
- Microsoft SC-200, Azure Defender certifications
Key Competencies:
- Strong investigative and analytical skills with attention to detail.
- Ability to manage multiple critical incidents and prioritize effectively under pressure.
- Excellent verbal and written communication, especially in client-facing contexts.
- Leadership and mentoring abilities to upskill junior staff and strengthen SOC maturity.
- Strategic thinking with a continuous improvement mindset.
- High degree of professionalism, discretion, and accountability.
Shift Expectations:
- Generally operates in a regular business-hour schedule, but must be available for escalation during critical incidents.
- May participate in on-call rotations or emergency response shifts depending on client SLAs.
Career Path:
Progression into roles such as SOC Team Lead, Incident Response Manager, Threat Intelligence Lead, or Security Architect, based on leadership, innovation, and impact.