Monitor the threat landscape and generate threat detection content to detect the latest threats, and distribute it among CSOCs efficiently and in a timely manner.
Actively support threat detection rule/dashboard creation process in CSOCs under SOCaaS, update common threat detection use case library and redistribute the content across all applicable CSOCs.
Work on use case development tasks raised as a result of analyst threat hunt findings, across all CSOCs under SOCaaS.
Actively Support SIEM use case management process across all CSOCs under SOCaaS.
Analyse log sources onboarded to SIEMs, understand the capabilities of deployed technical controls and develop new, effective threat detection content.
Leverage internal and external resources to research threats, vulnerabilities and intelligence on various threat actors, exploitation tools and platforms, and generate high-fidelity threat detection content.
Use an analytics platform to identify threats in the available information repositories.
Perform threat research to identify potential threat vectors and work with multiple disciplines to improve prevention and detection methods.
Support SOC directors in identifying gaps in CSOC threat detection rules, telemetry and logging capabilities, and propose enhancement plans to achieve improved detection capabilities.
Actively take part in the CSOC automation cadence and suggest ideas to improve analyst efficiency and investigation accuracy.
Requirements
Bachelor's degree in Computer Engineering, Computer Science, Cyber Security, Information Security or an equivalent field
In-depth understanding of Sigma
Skilled in threat hunting
In-depth understanding of the MITRE ATT&CK framework
Ability to communicate with multiple stakeholders with clarity
Thorough understanding of the functionality of cloud platforms, firewalls, IPS, EDR, proxies, GitLab, APIs and SIEM
Good understanding of Windows and Linux/Mac
Curious mindset, drive to acquire new knowledge/skills and apply the knowledge to solve problems.
Scripting knowledge in Python, Go, PowerShell or Bash
Preferred Skills /Qualities
Regularly keeps up with infosec affairs and the threat landscape, and is familiar with well-known threat actors.
Self-starter, able to carry out threat research activities independently
Able to build and use own mini test lab from scratch
Ability to show proficiency in one or more regional languages and dialects.
Clarity of communication, ability to listen to stakeholders and translate conversations into technical requirements