
Correlation & Automation Lead

Ensign InfoSecurity

Singapore

On-site

SGD 60,000 - 80,000

Full time

20 days ago


Job summary

A leading cybersecurity firm in Singapore is seeking an experienced professional to manage and improve security monitoring use cases. The ideal candidate has over 3 years in a SOC environment, expertise in SIEM, and strong analytical skills. Responsibilities include the creation and maintenance of correlation rules, analyzing security events, and ensuring effective monitoring processes. Certifications such as Splunk and SANS are advantageous. Join a dynamic team to enhance security operations.

Qualifications

  • 3+ years of experience in security operations within a SOC environment.
  • 2+ years of experience with correlation rules and SIEM dashboards.
  • Familiarity with Regex and/or scripting.
  • Strong problem-solving and analytical skills.

Responsibilities

  • Implement and maintain security monitoring use cases.
  • Create and fine-tune SIEM data sources and alerts.
  • Analyze security events and network traffic.

Skills

Security operations expertise
SIEM knowledge
Regex and scripting
Critical thinking
Analytical skills
Stakeholder management
Attention to detail

Education

Splunk Enterprise Certified Administrator
SANS certification (GCDA, GCIA, GDSA, GMON)

Job description

Ensign is hiring!

Key Responsibilities

  • Perform implementation, maintenance, support and operation of the project's security monitoring use cases.
  • Maintain an understanding of the architecture and work with the security team to understand the use cases to be created.
  • Identify, evaluate and recommend new areas of improvement for the implementation.
  • Adhere to the established change management process and other service management processes in day-to-day tasks.
  • Create, fine-tune and maintain SIEM data sources, use cases, correlation rules and security alert classifications.
  • Review, propose and generate dashboards and reports to automate monitoring of systems, log ingestion and threat intelligence feed ingestion, and to reduce low-value event escalations.
  • Build rules and intelligence to detect threats across all monitored assets.
  • Implement and devise detection methods for such threats in our security operations through SIEM use cases and similar mechanisms.
  • Perform periodic analysis of security events, network traffic and logs to engineer new detection methods, or to create efficiencies where available.
  • Review and update data enrichment, including the use of threat intelligence to enhance the fidelity of detection.
  • Review and maintain UEBA data sources and use cases.
Requirements

  • At least 3 years of experience in security operations in a SOC environment.
  • At least 2 years of experience in creating, fine-tuning and maintaining correlation rules and SIEM dashboards.
  • Working experience in Regex and/or scripting.
  • Strong critical thinking / contextual analysis abilities.
  • Strong investigative and analytical problem-solving skills.
  • Stakeholder management.
  • Meticulous, with an eye for detail.
  • Product certification such as Splunk Enterprise Certified Administrator or equivalent.
  • Professional certification such as SANS (GCDA, GCIA, GDSA, GMON) would be an advantage.
  • Good understanding of the whole-of-government environment would be an advantage.