Senior Security Analyst

Kuala Lumpur, Malaysia

Job Description

Ensign is hiring!

The Security Analyst (Level 3) serves as the senior escalation point within the Security Operations Centre (SOC). This role is responsible for advanced incident detection, analysis, containment, and response activities. The L3 Analyst provides technical guidance to junior analysts (L1 and L2), leads threat-hunting initiatives, and contributes to the continuous improvement of SOC processes, detection capabilities, and security posture across clients.
Incident Response & Investigation

  • Lead the investigation and resolution of high-severity cybersecurity incidents and advanced threats.
  • Perform deep-dive analysis of malware, phishing campaigns, and intrusion attempts.
  • Coordinate incident response efforts with internal teams and external stakeholders.
  • Prepare detailed incident reports, root cause analyses, and post-incident reviews.
Threat Hunting & Intelligence

  • Conduct proactive threat-hunting activities using SIEM, EDR, and threat intelligence feeds.
  • Identify and mitigate emerging threats and vulnerabilities affecting client environments.
  • Correlate threat intelligence data with SOC alerts to identify false positives and refine detection rules.
SOC Operations & Process Improvement

  • Review and fine-tune security event correlation rules and use cases within SIEM platforms.
  • Support automation and playbook development to enhance SOC efficiency.
  • Provide mentorship, guidance, and technical support to L1 and L2 analysts.
  • Participate in the creation and enforcement of SOC standard operating procedures (SOPs).
Reporting & Continuous Improvement

  • Prepare periodic reports on threat trends, incident metrics, and SOC performance.
  • Collaborate with the engineering and threat intelligence teams to enhance detection coverage.
  • Recommend and implement improvements in tools, processes, and incident response frameworks.
Education & Certifications

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Professional certifications such as GCIA, GCIH, CEH, CompTIA CySA+, or CISSP preferred.
Experience

  • Minimum 5-7 years of experience in Security Operations, Incident Response, or Threat Hunting.
  • Strong understanding of SIEM platforms (e.g., Splunk, QRadar, ArcSight, Sentinel).
  • Hands-on experience with EDR tools, firewalls, IDS/IPS, and log analysis.
Skills

  • Strong analytical, investigative, and problem-solving skills.
  • Familiarity with the MITRE ATT&CK Framework, NIST, and ISO 27001 controls.
  • Excellent communication skills for incident coordination and reporting.
  • Ability to work independently under pressure and manage multiple priorities.

Job Detail

  • Job Id
    JD1251482
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, Malaysia
  • Education
    Not mentioned