Job Description

Ensign is hiring!

Duties and Responsibilities


  • Configure and administer the SIEM to support the needs of SOC

  • Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform

  • Perform regular patching and version upgrades on the SIEM platform

  • Configure respective parsers, forwarders (engage principal vendors if needed) to integrate various log sources with SIEM platform for log monitoring

  • Research, build, and maintain detection capabilities for the latest threats across SIEM, log analytic, and security tool platforms

  • Ensure real-time data and configuration replication between the primary and DR sites

  • Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications

  • Explore leading cybersecurity products. Work with 3rd party security consultants and service providers to ensure all security aspects are covered. Operate security solutions such as SIEM, PAM, EDR, IDS/IPS and Web Application Firewall while ensuring compliance to regulatory standards and procedures

  • Security Automation: automate processes using well-known tooling such as PowerShell, Python and Bash, and build out SOAR capabilities (for example, using AWS Lambda to integrate CloudFront, WAF and ALB, and to automate routine work)

  • Continuous Monitoring: manage AWS GuardDuty, intrusion detection, user behaviour analytics and other security monitoring

  • Support the SOC analysts in the use of the toolset and with investigations, to establish the facts surrounding potentially suspicious activity and to understand the associated impact and risks

  • Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases

  • Provide security consultancy to other internal teams for matters relating to the SIEM.

  • Troubleshooting complex issues that may occur within the SIEM and resolving them with the help of vendor support

  • Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions


Requirements

  • Advanced knowledge and experience of Cyber Security and evidence of working as a SIEM Engineer with previous experience of the software, including architectural design, configuring, operating and problem-solving activities.

  • A good understanding of implementing use cases and operational models or specific security solutions to meet the customer’s requirement and understand how SIEM solution

  • Hands-on experience in two or more of the key security domains, such as security operations (SIEM, EDR, vulnerability management), cloud security, data security, identity and access management, and the secure software development lifecycle

  • Knowledge of networking and AWS/Azure Cloud Security practices and tools.

  • SIEM related certifications for Administration, implementation, deployment, architecture

Job Detail

  • Job Id
    JD892457
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Malaysia, Malaysia
  • Education
    Not mentioned