L2 - Security Analyst

Ensign is hiring !

Key Responsibilities:

• Analyze and respond to escalated alerts from Tier 1 analysts across multiple clients.
• Conduct in-depth investigations using SIEM, EDR, NDR, firewall logs, and other security tools.
• Perform malware analysis, log correlation, and network traffic analysis to identify attack vectors.
• Execute containment, eradication, and recovery procedures using predefined runbooks and playbooks.
• Escalate and coordinate with Level 3 analysts or incident response teams for high-severity incidents.
• Provide technical guidance, support, and mentoring to Tier 1 analysts.
• Identify gaps in detection capabilities and recommend improvements in correlation rules, tuning, and alerts.
• Support proactive threat hunting initiatives based on IOCs, TTPs, and contextual threat intelligence.
• Monitor external threat intelligence feeds and correlate them with client telemetry to identify potential risks.
• Maintain clear and accurate documentation of all investigations, actions taken, and incident outcomes.
• Contribute to the continuous improvement of SOC processes, including the development of SOPs, playbooks, and runbooks.
• Ensure all activities are performed in compliance with client-specific SLAs, internal policies, and applicable regulatory standards.
• Participate in client-specific onboarding activities to ensure monitoring tools are correctly configured.
• Join incident review meetings and provide root cause analysis and post-incident reporting when required.
• Handle shift handovers with detailed summaries and ensure continuity of investigations and tasks.
• Participate in internal knowledge-sharing sessions and contribute to SOC-wide initiatives and improvements.

Requirements:

Education & Experience:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field—or equivalent work experience.
• 2–4 years of experience in a Security Operations Center or similar cybersecurity environment.
• Experience working in an MSSP or multi-tenant environment is highly desirable.

Technical Skills:

• Strong experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Google SecOps).
• Hands-on experience with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender, FireEye).
• Familiarity with NDR and SOAR platforms is a plus (e.g., Darktrace, Corelight, Cortex XSOAR).
• Strong understanding of networking protocols, log analysis, and system administration (Windows/Linux).
• Knowledge of malware behaviors, phishing techniques, and MITRE ATT&CK framework.
• Experience with scripting and automation tools (e.g., Python, PowerShell) is a plus.
• Familiarity with case management tools (e.g., Jira, ServiceNow, TheHive).

Certifications (preferred):

• CompTIA Security+, CySA+, or equivalent.
• GIAC certifications (e.g., GCIH, GCIA, GCFA).
• CEH, or vendor-specific certifications (e.g., Microsoft SC-200, CrowdStrike CCFR).

Key Competencies:

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication—especially in client-facing documentation and briefings.
• Ability to handle multiple investigations and prioritize effectively under pressure.
• Customer-centric mindset with attention to SLA adherence and service quality.
• Collaborative, team-oriented, and proactive with continuous learning attitude.

Shift Expectations:

• Participation in shift rotations (24/7 support model, if applicable), including weekends and public holidays.
• On-call support may be required depending on client SLAs and incident severity.