Senior Splunk Engineer

Malaysia, Malaysia

Job Description

Ensign is hiring!

The SIEM engineer will architect, implement, and maintain SIEM solutions for our customers in support of our security analysts. This role will primarily set up, maintain, and enhance various SIEMs.

  • Configure and administer the SIEM to support the needs of the SOC.
  • Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform.
  • Perform regular patching and version upgrades on the SIEM platform.
  • Configure the parsers and forwarders needed to integrate log sources with the SIEM platform for log monitoring, engaging the principal vendors where required.
  • Research, build, and maintain detection capabilities for the latest threats across SIEM, log analytic, and security tool platforms.
  • Ensure real-time data and configuration replication between the primary and DR sites.
  • Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications.
  • Explore leading cybersecurity products, and work with third-party security consultants and service providers to ensure all security aspects are covered. Operate security solutions such as SIEM, PAM, EDR, IDS/IPS and Web Application Firewall while ensuring compliance with regulatory standards and procedures.
  • Security automation: automate processes using scripting languages such as PowerShell, Python and Bash, and build out SOAR capabilities (for example, using AWS Lambda to integrate with CloudFront, WAF and ALB and to automate routine work).
  • Continuous monitoring: manage AWS GuardDuty, intrusion detection, user behaviour analytics and other security monitoring.
  • Support the SOC Analysts in the use of the toolset and with investigations to establish the facts surrounding potential suspicious activities and to understand the impact and possible risks associated.
  • Create, amend, tune and support the engineering of advanced or complex protective monitoring use cases.
  • Provide security consultancy to other internal teams for matters relating to the SIEM.
  • Troubleshoot complex issues that may occur within the SIEM and resolve them with the help of vendor support.
  • Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions.
Requirements
  • Advanced knowledge and experience of cyber security, with evidence of working as a SIEM Engineer and previous experience with the software, including architectural design, configuration, operation and problem-solving activities.
  • A good understanding of implementing use cases, operational models or specific security solutions to meet the customer's requirements, and an understanding of how the SIEM solution
  • Hands-on experience in two or more of the key security domains, such as security operations (SIEM, EDR, vulnerability management), cloud security, data security, identity and access management, and the secure software development lifecycle.
  • Knowledge of networking and AWS/Azure Cloud Security practices and tools.
  • SIEM related certifications for Administration, implementation, deployment, architecture.


Job Detail

  • Job Id: JD855809
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Malaysia, Malaysia
  • Education: Not mentioned