Ensign is hiring !
The Security Analyst Level 2 (L2) is responsible for investigating, analyzing, and responding to security events and incidents escalated from Level 1 analysts. This role requires a strong technical background, analytical thinking, and hands-on experience in threat detection, incident response, and security monitoring. The L2 analyst plays a critical role in containing threats and improving the organization’s security posture.
Triage and investigate escalated alerts from L1 analysts to determine the nature and severity of potential threats.
Perform in-depth analysis of network traffic, security logs, and system events.
Conduct malware analysis and forensic investigations as needed.
Document and escalate verified incidents to the Incident Response team.
Provide guidance and mentorship to L1 analysts.
Recommend and implement detection improvements and playbook enhancements.
Collaborate with other teams (IT, Threat Intel, IR) for comprehensive response efforts.
Participate in root cause analysis and post-incident reviews.
Continuously update knowledge on current threats, tactics, and procedures (TTPs).
Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent work experience).
3+ years of experience in a SOC or similar security role.
Strong understanding of security technologies: SIEM, IDS/IPS, firewalls, EDR, etc.
Experience with tools such as Splunk, Sentinel, QRadar, CrowdStrike, Carbon Black, or similar.
Familiarity with MITRE ATT&CK framework, NIST, and incident handling frameworks.
Ability to analyze logs, packets, and indicators of compromise (IOCs).
Solid problem-solving and communication skills.
Relevant certifications (e.g., CompTIA Security+, CySA+, GCIA, GCIH, or equivalent) are a plus.