Job Description

Ensign is hiring !

Key Responsibilities:

• Perform in-depth analysis of security events escalated by L1 analysts to determine scope, impact, and appropriate response actions.

• Investigate and respond to security incidents, including malware infections, phishing attacks, unauthorized access, and other cybersecurity threats.

• Conduct root cause analysis and recommend remediation and preventive actions.

• Utilize threat intelligence feeds and tools to enhance the detection and investigation process.

• Collaborate with other IT/security teams to contain and resolve incidents.

• Maintain and improve incident response runbooks and playbooks.

• Assist in tuning and optimizing SIEM rules, correlation logic, and alerts to reduce false positives.

• Mentor and support L1 analysts to ensure consistent incident handling practices.

• Prepare incident reports and executive summaries for management or customers.

• Participate in red/blue team exercises or threat-hunting activities as needed.
  

Requirements:

Education & Certification:

• Degree in Cybersecurity, Computer Science, Information Technology, or a related field.

• Relevant certifications are highly preferred: CompTIA CySA+, EC-Council ECIH, GCIA, GCFA, GCIH, etc.
  

Technical Skills:

• Strong understanding of network protocols, log analysis, and cybersecurity frameworks.

• Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, LogRhythm).

• Familiarity with EDR/XDR tools, IDS/IPS, firewalls, and forensic tools.

• Ability to write and optimize detection rules and scripts.

• Knowledge of MITRE ATT&CK and threat modeling methodologies.