Correlation & Automation Lead

Posted:
5/1/2024, 5:00:00 PM

Experience Level(s):
Senior

Field(s):
IT & Security

Ensign is hiring!

Key Responsibilities

  • Implement, maintain, support and operate the project's security monitoring use cases
  • Maintain an understanding of the architecture and work with the security team to understand the use cases to be created
  • Identify, evaluate and recommend new areas of improvement for the implementation
  • Adhere to the established change management process and other service management processes in day-to-day tasks
  • Create, fine-tune and maintain SIEM data sources, use cases, correlation rules and security alert classifications
  • Review, propose and generate dashboards and reports that automate monitoring of systems, log ingestion and threat intelligence feed ingestion, and reduce low-value event escalations
  • Build rules and intelligence to detect threats across all monitored assets
  • Devise and implement detection methods for such threats in our security operations (for example, through SIEM use cases)
  • Perform periodic analysis of security events, network traffic and logs to engineer new detection methods or create efficiencies where available
  • Review and update data enrichment, including the use of threat intelligence to improve detection fidelity
  • Review and maintain UEBA data sources and use cases


Requirements

  • At least 3 years of experience in security operations in a SOC environment
  • At least 2 years of experience creating, fine-tuning and maintaining correlation rules and SIEM dashboards
  • Working experience with regular expressions and/or scripting
  • Strong critical thinking and contextual analysis abilities
  • Strong investigative and analytical problem-solving skills
  • Stakeholder management skills
  • Meticulous, with an eye for detail
  • Product certification such as Splunk Enterprise Certified Administrator or equivalent
  • Professional certification such as SANS/GIAC (e.g. GCDA, GCIA, GDSA, GMON) would be an advantage
  • Good understanding of the whole-of-government environment would be an advantage

Ensign Infosecurity Pte. Ltd

Website: https://ensigninfosecurity.com/

Headquarter Location: Singapore, Central Region, Singapore

Employee Count: 501-1000

Year Founded: 2018

IPO Status: Private

Industries: Cloud Security ⋅ Consulting ⋅ Cyber Security ⋅ Identity Management ⋅ Information and Communications Technology (ICT) ⋅ Information Technology ⋅ Internet ⋅ Network Security ⋅ Penetration Testing ⋅ Professional Services