Job Description

Ensign is hiring !

As a Security Consultant, you will be responsible for the architectural design, deployment, and seamless integration of complex security solutions within our regional infrastructure. This role acts as the technical bridge between initial deployment and long-term Security Operations Center (SOC) success. You will ensure that all security telemetry is properly ingested, normalized, and optimized to enable high-fidelity detection and automated response capabilities.

Key Responsibilities

• Engineering & Deployment: Lead the end-to-end integration of security platforms, including SIEM (e.g., Splunk, Elastic, QRadar), EDR, Security Gateway, and SOAR technologies.
• SOC Enablement: Collaborate closely with SOC analysts to develop custom detection rules, dashboards, and automated playbooks that reduce alert noise and improve Mean Time to Respond (MTTR).
• Data Pipeline Management: Design and maintain robust data ingestion pipelines. This includes configuring log collectors, managing API integrations, and ensuring data parsing (regex/normalization) aligns with common schemas such as CIM or ECS.
• Technical Documentation: Produce high-quality architectural diagrams, standard operating procedures (SOPs), and migration plans for senior leadership and technical stakeholders.

Required Qualifications & Skills

• Experience: 3–5+ years in cybersecurity engineering, SIEM administration, or a similar technical integration role.
• Platform Expertise: Proficiency in major security platforms. Preference for candidates with experience in Palo Alto Cortex XSIAM/XSOAR, Splunk Cloud, or Elastic Stack.
• Technical Proficiencies:
  • Advanced scripting/coding skills (Python, Shell, etc.) for automation.
  • Proficiency in common Linux commands.
  • Deep understanding of the TCP/IP protocol stack, API (REST/JSON) integrations, and cloud infrastructure (Alibaba Cloud, AWS, or Azure).
  • Ability to independently troubleshoot common SOC faults and anomalies.
• SOC Knowledge: Solid understanding of the ATT&CK Framework, incident response lifecycles, and threat hunting methodologies.
• Regional Context: Familiarity with the cybersecurity vendor landscape in China and APAC regional compliance standards.
• Language Skills: Fluent Cantonese communication ability, and basic English reading/writing capability.

Preferred Certifications (one of the following is a plus)

• Vendor-related cybersecurity certifications (e.g., Splunk, Palo Alto)
• CISSP, CISM, or equivalent professional security certifications

Soft Skills

• Strategic Thinking: Ability to translate high-level SOC maturity roadmaps into executable technical tasks.
• Communication: Proven ability to explain complex technical issues to non-technical senior management.
• Problem Solving: A proactive mindset for identifying "human error" risks in configurations and implementing automated safeguards.
• Project Management: Ability to manage project progress and ensure successful delivery.