Security Analyst L3

AI-generated summary

This job is a Security Analyst L3, where you'll lead investigations into cyber threats and handle high-severity security incidents. You might like this job because you’ll mentor others, use advanced tools, and make a real difference in protecting against cyber dangers!

Undisclosed

Malaysia, Kuala Lumpur

Job Description

Ensign is hiring!

Key Responsibilities:

  • Lead advanced investigations into cyber threats, including malware analysis, phishing attacks, insider threats, and APTs.

  • Respond to and coordinate resolution of high-severity security incidents, including containment, eradication, and recovery.

  • Correlate data across multiple sources (SIEM, IDS/IPS, firewalls, endpoint, etc.) to identify and assess potential threats.

  • Provide technical guidance and mentoring to L1 and L2 analysts.

  • Create and refine incident response playbooks and procedures.

  • Perform threat hunting using tools like ELK, Splunk, Wazuh, and Suricata.

  • Liaise with threat intelligence teams to contextualize and validate alerts.

  • Develop and tune SIEM use cases and detection rules to improve accuracy and reduce false positives.

  • Collaborate with infrastructure, application, and risk teams to enhance cybersecurity posture.

  • Document findings, analysis, and recommendations in detailed incident reports.

  • Participate in red/blue/purple teaming exercises as needed.

Requirements:

  • Bachelor’s Degree in Computer Science, Cybersecurity, Information Technology, or related field.

  • Minimum 3–5 years of experience in SOC operations or cybersecurity incident response.

  • Strong understanding of attack vectors, MITRE ATT&CK framework, threat actor TTPs, and digital forensics.

  • Hands-on experience with SIEM tools (e.g., Splunk, QRadar, ArcSight), EDR (e.g., CrowdStrike, SentinelOne), and network monitoring tools.

  • Proficient in log analysis, packet capture tools (Wireshark), and malware sandboxing.

  • Scripting knowledge (e.g., Python, Bash, PowerShell) for automation and threat hunting.

  • Relevant certifications preferred: GCIA, GCIH, CEH, OSCP, or equivalent.

  • Excellent communication skills and the ability to present technical findings to non-technical stakeholders.

  • Able to work on a 24/7 rotation schedule, including weekends and public holidays if required.

Company Benefits

Health Benefits

Medical insurance for employees and dependents.

On-Site Meals and Snacks

Ensiders are served free bento sets every Monday and Friday.

On-Site Fitness Centre

Sweat it out in our own indoor gym, within a few walking steps from your office space.

Teach@Ensign / Brown Bag Sessions

Dive deeper into a variety of topics at Ensign’s regular knowledge-sharing sessions, taught by Ensign’s very own staff.

E-Learning Platform

Expand your knowledge in a wide range of subjects including cloud, cyber, and other technology-related courses.


Company Profile

Ensign Infosecurity (Malaysia)

Ensign InfoSecurity, one of Asia’s largest pure-play cyber security firms, was formed as a result of a joint venture (JV) between Temasek and StarHub. Certis’s cyber security arm, Quann, will be merged with StarHub’s Centre of Excellence and fully owned subsidiary, Accel Systems & Technologies Pte Ltd (ASTL). Quann, formerly known as e-Cop, has been a Singapore-based cyber security services provider since 2000. The company...