Resident Engineer

Posted:
4/5/2026, 1:16:29 PM

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security ⋅ Software Engineering

Workplace Type:
On-site

Ensign is hiring!

Responsibilities

  • Monitor client environments using SIEM and/or EDR platforms to detect, triage, and respond to cybersecurity threats in accordance with agreed SOPs and industry best practices
  • Analyse and investigate security alerts escalated from client teams, MSSPs, and internal systems; lead or support incident response through to closure
  • Triage alerts from the SIEM to identify notable alerts for escalation, based on established operating procedures or industry best practices
  • Advise clients on possible follow-up actions and remediation measures for escalated alerts
  • Respond to incidents and critical alerts outside of office hours when required
  • Perform indicator of compromise (IOC) searches and triage incoming threat intelligence to assess relevance to client assets
  • Gather and report on threat intelligence using the client's Threat Intelligence Platform
  • Coordinate with client stakeholders including IT, infrastructure, application, and business teams during active incidents and programme activities
  • Collaborate with MSSPs and Ensign delivery teams on detection tuning to reduce noise and improve fidelity
  • Manage detection use cases, dashboards, and reports on SIEM: perform monthly and ad hoc reviews, validate and maintain existing rules, and develop and implement new use cases
  • Manage playbooks, automation scripts, and integrations on SOAR: review, validate, maintain, and develop new playbooks; optimise existing ones for accuracy and efficiency
  • Any other tasks as assigned

Requirements

  • Degree in Computer Science, Information Security, or a related discipline
  • 3 to 7 years of experience in cybersecurity operations or a Security Operations Centre (SOC) environment
  • Hands-on experience with SIEM platforms and solid understanding of network, Windows, and Linux infrastructure
  • Experience in security, network, and cyber threat analysis
  • Demonstrated ability to triage, investigate, and respond to security incidents independently
  • Comfortable operating in a client-facing, on-site environment with direct accountability to client stakeholders
  • Clear written and verbal communication; able to produce structured incident reports and brief senior stakeholders
  • GIAC Certified Incident Handler (GCIH) or equivalent certification required

Preferred Skills / Qualities

  • Working knowledge of SOAR platforms; experience with playbook development or automation scripting
  • Knowledge of cloud infrastructure security (AWS, Azure, or GCP)
  • Familiarity with Threat Intelligence Platforms and IOC management workflows
  • Exposure to Singapore regulatory frameworks: CSA advisories, IMDA guidelines, MAS TRM
  • Additional certifications such as GCFE, GCFA, OSCP, or vendor product certifications

Ensign Infosecurity Pte. Ltd

Website: https://ensigninfosecurity.com/

Headquarters Location: Singapore, Central Region, Singapore

Employee Count: 501-1000

Year Founded: 2018

IPO Status: Private

Industries: Cloud Security ⋅ Consulting ⋅ Cyber Security ⋅ Identity Management ⋅ Information and Communications Technology (ICT) ⋅ Information Technology ⋅ Internet ⋅ Network Security ⋅ Penetration Testing ⋅ Professional Services