Correlation & Automation Lead

Ensign is hiring !

Key Responsibilities 

• Perform implementation, maintenance, support and operation of the project's security monitoring use cases 
• Maintain understanding of the architecture and work with security team to understand the use cases to be created. 
• Identity, evaluate and recommend new areas of improvements for the implementation. 
• Adhere to established change management process and other service management process in day-to-day tasks 
• Create, finetune and maintain SIEM data sources, use cases, correlation rules and security alerts classifications 
• Review, propose and generate dashboards and reports to automate monitoring of systems and log and threat intelligence feed ingestion, and reduce low value event escalations
• Build rules and intelligence to detect threats in all monitored assets
• Implement and devise detection method of such threats in our security operations through SIEM use cases etc
• Perform periodic analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available
• Review and update data enrichment, including use of threat intelligence to enhance fidelity of detection
• Review and maintain UEBA data sources and use cases 

Requirements 

• At least 3 years of experience in security operations in a SOC environment 
• At least 2 years of experience in creating, finetuning and maintaining correlation rules and SIEM dashboards 
• Working experience in Regex and/or scripting 
• Strong critical thinking / contextual analysis abilities
• Strong investigative and analytical problem solving skills
• Stakeholder management
• Meticulous with an eye for details 
• Product certification such as Splunk Enterprise Certified Administrator or equivalent 
• Professional certification such as SANS (such as SANS GCDA, GCIA, GDSA, GMON) would be an advantage 
• Good understanding of whole of government environment would be an advantage