Ensign is hiring !
Key Responsibilities:
Lead high-severity incident response and containment activities, coordinating with stakeholders across IT and business units.
Conduct in-depth forensic analysis on endpoints, networks, and logs to determine the root cause and impact of security incidents.
Develop advanced detection use cases and correlation rules based on threat intelligence and TTPs (MITRE ATT&CK, etc.).
Perform proactive threat hunting using SIEM, EDR, and threat intel feeds to uncover undetected threats.
Review and fine-tune alerts, playbooks, and automation workflows to reduce false positives and improve SOC efficiency.
Mentor L1 and L2 analysts, providing guidance, training, and quality review of investigations.
Serve as a technical escalation point for complex security issues and investigations.
Contribute to incident post-mortems and provide recommendations to improve security posture and processes.
Collaborate with red/purple teams and engineering to simulate attacks and validate defense effectiveness.
Requirements:
Education & Certification:
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
Strongly preferred certifications:
GIAC (GCFA, GCIH, GCIA, GDAT)
CISSP, OSCP, or equivalent
Technical Skills:
Deep understanding of security monitoring and detection tools (SIEM, EDR, IDS/IPS, SOAR).
Strong hands-on experience in forensic tools, log analysis, malware analysis, and packet inspection.
Solid grasp of attacker tactics, techniques, and procedures (TTPs), threat modeling, and behavior analytics.
Familiarity with scripting or automation (Python, PowerShell, Bash) is an advantage.
Experience with Windows, Linux, and cloud environments (AWS/Azure security monitoring).
Soft Skills:
Excellent analytical and problem-solving skills.
Strong written and verbal communication, including report writing.
Ability to lead investigations and influence cross-functional teams under pressure.
Preferred Experience:
4–6+ years of experience in SOC operations, incident response, or threat detection.
Experience working in or leading incident response within a 24x7 SOC or MSSP environment.
Prior involvement in threat hunting or red/purple team collaboration is a strong plus.