Security Analyst L3

Ensign is hiring !

Key Responsibilities:

• Lead investigation and incident response activities for high-severity or complex security incidents across multiple clients.
• Act as final escalation point for incidents unresolved by Tier 1 and Tier 2 analysts.
• Conduct advanced forensic analysis of logs, network traffic, endpoints, and malware to identify root cause and scope.
• Perform proactive threat hunting based on current threat intelligence, TTPs (MITRE ATT&CK), IOCs, and anomalous behavior.
• Develop and refine detection logic, SIEM correlation rules, and EDR/NDR signatures to enhance SOC effectiveness.
• Support incident containment, eradication, and recovery efforts across diverse client environments.
• Collaborate with Threat Intelligence, Engineering, and IR teams to improve tools, data sources, and workflows.
• Identify gaps in an organization’s measurement metrics, telemetry, and logging capabilities and propose enhancement strategies to achieve the intended outcomes.
• Provide technical leadership and mentorship to junior analysts, supporting their skill development and analysis quality.
• Conduct post-incident reviews and create root cause analysis (RCA) and after-action reports for clients.
• Contribute to playbook creation, tuning, and automation efforts, particularly within SOAR platforms.
• Interface with client security teams, IT teams, and executives to communicate investigation findings, remediation guidance, and strategic improvements.
• Ensure SOC processes align with industry frameworks (e.g., NIST, ISO 27001) and client-specific regulatory requirements (e.g., HIPAA, PCI-DSS).
• Lead purple team exercises or internal red vs. blue simulations to test detection coverage and SOC readiness.

Requirements:

Education & Experience:

• Bachelor’s degree in Cybersecurity, Computer Science, or related discipline (or equivalent hands-on experience).
• 4+ years of experience in a SOC or cybersecurity operations role, including experience with incident response and threat hunting.
• Prior experience in an MSSP or multi-tenant SOC environment is strongly preferred.

Technical Skills:

• Deep expertise in security tools: SIEM (e.g., Splunk, MS Sentinel, QRadar, Google SecOps, Devo), EDR (e.g., CrowdStrike, SentinelOne), NDR, SOAR.
• Strong understanding of malware behavior, exploit techniques, persistence mechanisms, and attack chain.
• Advanced knowledge of operating systems (Windows/Linux), networking, firewalls, and cloud security (e.g., Azure, AWS).
• Familiarity with threat modeling, ATT&CK framework, cyber kill chain, and detection engineering.
• Experience with scripting and automation (e.g., Python, Bash, PowerShell) to improve SOC efficiency.

Certifications (preferred):

• GIAC certifications (e.g., GCIH, GCFA, GCIA, GDAT, GNFA)
• Offensive Security (OSCP) or equivalent
• CompTIA CASP+, CySA+
• Microsoft SC-200, Azure Defender certifications

Key Competencies:

• Strong investigative and analytical skills with attention to detail.
• Ability to manage multiple critical incidents and prioritize effectively under pressure.
• Excellent verbal and written communication, especially in client-facing contexts.
• Leadership and mentoring abilities to upskill junior staff and strengthen SOC maturity.
• Strategic thinking with a continuous improvement mindset.
• High degree of professionalism, discretion, and accountability.

Shift Expectations:

• Generally operates in a regular business-hour schedule, but must be available for escalation during critical incidents.
• May participate in on-call rotations or emergency response shifts depending on client SLAs.

Career Path:

Progression into roles such as SOC Team Lead, Incident Response Manager, Threat Intelligence Lead, or Security Architect, based on leadership, innovation, and impact.