Ensign is hiring !Key Responsibilities:Develop, customize, and maintain security monitoring content for SIEM and SOAR platforms (e.g., custom rules, alerts, correlation searches, dashboards).Build automation playbooks for incident response using SOAR platforms to reduce response time and analyst workload.Integrate new data sources into SIEM tools and ensure parsing, normalization, and enrichment.Create and maintain scripts and tools to support threat detection, investigation, and reporting.Work with SOC Analysts and Threat Hunters to develop new detection use cases and improve existing ones.Participate in the threat lifecycle, assisting in the development of detection logic based on threat intel and attack techniques (e.g., MITRE ATT&CK).Collaborate with infrastructure and application teams to ensure proper logging and telemetry.Maintain documentation of code, detection logic, use case coverage, and automation workflows.Requirements:Education & Certification:Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field.Certifications such as GIAC GMON, GCDA, GCIA, or equivalent are an advantage.Technical Skills:Strong experience with SIEM technologies (e.g., Splunk, QRadar, ELK).Experience with SOAR platforms (e.g., Cortex XSOAR, Splunk Phantom, IBM Resilient).Proficiency in scripting and development languages such as Python, JavaScript, or Bash.Familiarity with REST APIs, JSON, and integration methods.Understanding of cybersecurity concepts, attack techniques, and defensive strategies.Familiarity with MITRE ATT&CK, cyber threat intelligence, and incident handling workflows.
