Security Analyst Level 2

AI-generated summary

This job is for a Security Analyst Level 2 at Ensign. You might like this job because you get to track cyber threats, create reports, and help improve security systems. It’s perfect for someone who loves problem-solving and staying ahead in tech!

Undisclosed

Malaysia (Selangor), Kuala Lumpur

Job Description

Ensign is hiring!

Responsibilities

  • Monitor third party security feeds, forums, and mailing lists to gather information related to the client through automated means
  • Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk through the use of customer, community, and open source reporting
  • Produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds
  • Review vulnerability advisories
  • Review and process threat intelligence reports
  • Perform detailed investigative work into all traffic anomalies against established, historical baselines of individual agencies. Review and profile the events of all monitored clients
  • Assess each event based on factual information and wider contextual information available
  • Review, propose and generate reports to automate or reduce low value event escalations
  • Build rules and intelligence to detect such threats and proliferate to all monitored networks
  • Devise and implement detection methods for such threats in our security operations through SIEM rules, DB scripts, etc.
  • Perform periodic analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available
  • Support the development of tactics, techniques, and procedures in providing proactive threat hunting and analysis against the available information sources (e.g. Netflow, DNS and Firewall logs, etc.)
  • Assist the Security Analysts with investigative work
  • Prepare training programmes for Security Analysts and conduct knowledge-sharing sessions for them
  • Fulfil Change Requests and Service Requests, and respond to internal / external enquiries with regard to detection use cases
  • Any other tasks as assigned

Requirements

  • Degree holder with at least 5 years of experience in a related field and capacity
  • Prior experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT)
  • Possesses a deep interest in open source research, with critical thinking / contextual analysis abilities
  • Has a proper understanding of network, application, and server fundamentals, and is able to identify and analyze logs thoroughly by looking at the indicators
  • Has an understanding of the MITRE ATT&CK framework or cyber kill chain
  • Investigative and analytical problem solving skills
  • An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security
  • Related professional cyber security certification, such as GCIA or CEH, is preferred
  • Experience with intelligence analysis processes, including Open Source Intelligence (OSINT) and closed source intelligence gathering, source verification, data fusion, link analysis, and threat actor
  • Ability to research and characterize security threats to include identification and classification of threat indicators


Company Benefits

Health Benefits

Medical insurance for employees and dependents.

On-Site Meals and Snacks

Ensiders are served free bento sets every Monday and Friday.

On-Site Fitness Centre

Sweat it out in our own indoor gym, within a few walking steps from your office space.

Teach@Ensign / Brown Bag Sessions

Dive deeper into a variety of topics at Ensign’s regular knowledge-sharing sessions, taught by Ensign’s very own staff.

E-Learning Platform

Expand your knowledge in a wide range of subjects including cloud, cyber, and other technology-related courses.



Company Profile

Ensign Infosecurity (Malaysia)

Ensign InfoSecurity, one of Asia’s largest pure play cyber security firms, was formed as a result of a joint venture (JV) between Temasek and StarHub. Certis’s cyber security arm, Quann, will be merged with StarHub’s Centre of Excellence and fully owned subsidiary, Accel Systems & Technologies Pte Ltd (ASTL). Quann, formerly known as e-Cop, has been a Singapore-based cyber security services provider since 2000. The company...