Senior Security Analyst (SOC Level 3)

Posted:
5/13/2025, 5:00:00 PM

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Ensign is hiring!

Key Responsibilities:

  • Lead high-severity incident response and containment activities, coordinating with stakeholders across IT and business units.

  • Conduct in-depth forensic analysis on endpoints, networks, and logs to determine the root cause and impact of security incidents.

  • Develop advanced detection use cases and correlation rules based on threat intelligence and TTPs (MITRE ATT&CK, etc.).

  • Perform proactive threat hunting using SIEM, EDR, and threat intel feeds to uncover undetected threats.

  • Review and fine-tune alerts, playbooks, and automation workflows to reduce false positives and improve SOC efficiency.

  • Mentor L1 and L2 analysts, providing guidance, training, and quality review of investigations.

  • Serve as a technical escalation point for complex security issues and investigations.

  • Contribute to incident post-mortems and provide recommendations to improve security posture and processes.

  • Collaborate with red/purple teams and engineering to simulate attacks and validate defense effectiveness.

Requirements:

Education & Certification:

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

  • Strongly preferred certifications:

    • GIAC (GCFA, GCIH, GCIA, GDAT)

    • CISSP, OSCP, or equivalent

Technical Skills:

  • Deep understanding of security monitoring and detection tools (SIEM, EDR, IDS/IPS, SOAR).

  • Strong hands-on experience in forensic tools, log analysis, malware analysis, and packet inspection.

  • Solid grasp of attacker tactics, techniques, and procedures (TTPs), threat modeling, and behavior analytics.

  • Familiarity with scripting or automation (Python, PowerShell, Bash) is an advantage.

  • Experience with Windows, Linux, and cloud environments (AWS/Azure security monitoring).

Soft Skills:

  • Excellent analytical and problem-solving skills.

  • Strong written and verbal communication, including report writing.

  • Ability to lead investigations and influence cross-functional teams under pressure.

Preferred Experience:

  • 4–6+ years of experience in SOC operations, incident response, or threat detection.

  • Experience working in or leading incident response within a 24x7 SOC or MSSP environment.

  • Prior involvement in threat hunting or red/purple team collaboration is a strong plus.

Ensign Infosecurity Pte. Ltd

Website: https://ensigninfosecurity.com/

Headquarter Location: Singapore, Central Region, Singapore

Employee Count: 501-1000

Year Founded: 2018

IPO Status: Private

Industries: Cloud Security ⋅ Consulting ⋅ Cyber Security ⋅ Identity Management ⋅ Information and Communications Technology (ICT) ⋅ Information Technology ⋅ Internet ⋅ Network Security ⋅ Penetration Testing ⋅ Professional Services