SecurityEngineer

Ensign is hiring ! * Configure and administer the SIEM to support the needs of SOC. * Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform. * Perform regular patching and version upgrades on the SIEM platform. * Configure respective parsers, forwarders (engage principal vendors if needed) to integrate various log sources with SIEM platform for log monitoring. * Research, build, and maintain detection capabilities for the latest threats across SIEM, log analytic, and security tool platforms. * Ensure real time data and Configuration replication between Primary and DR sites. * Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications. * Explore leading cybersecurity products. Work with 3rd party security consultants and service providers to ensure all security aspects are covered. Operate security solutions such as SIEM, PAM, EDR, IDS/IPS and Web Application Firewall while ensuring compliance to regulatory standards and procedures. * Security Automation: Automating processes using well-known frameworks such as PowerShell, Python, Bash, etc. As well as SOAR build out. (look like using AWS lambda to integration (CloudFront/WAF/ALB) and automating your work.) * Continuous Monitoring: Management AWS Guard duty and intrusion detection, User Behavior, and other security monitoring. * Support the SOC Analysts in the use of the toolset and with investigations to establish the facts surrounding potential suspicious activities and to understand the impact and possible risks associated. * Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases. * Provide security consultancy to other internal teams for matters relating to the SIEM. * Troubleshooting complex issues that may occur within the SIEM and resolving them with the help of vendor support * Advise clients of security standards, best practice and solutions relatin