Ampang Jaya - Senior Security Analyst (SOC Level 3)

Ensign is hiring !

Key Responsibilities:

• Lead high-severity incident response and containment activities, coordinating with stakeholders across IT and business units.
• Conduct in-depth forensic analysis on endpoints, networks, and logs to determine the root cause and impact of security incidents.
• Develop advanced detection use cases and correlation rules based on threat intelligence and TTPs (MITRE ATT&CK, etc.).
• Perform proactive threat hunting using SIEM, EDR, and threat intel feeds to uncover undetected threats.
• Review and fine-tune alerts, playbooks, and automation workflows to reduce false positives and improve SOC efficiency.
• Mentor L1 and L2 analysts, providing guidance, training, and quality review of investigations.
• Serve as a technical escalation point for complex security issues and investigations.
• Contribute to incident post-mortems and provide recommendations to improve security posture and processes.
• Collaborate with red/purple teams and engineering to simulate attacks and validate defense effectiveness.

Requirements:

Education & Certification:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Strongly preferred certifications:
• GIAC (GCFA, GCIH, GCIA, GDAT)
• CISSP, OSCP, or equivalent

Technical Skills:

• Deep understanding of security monitoring and detection tools (SIEM, EDR, IDS/IPS, SOAR).
• Strong hands-on experience in forensic tools, log analysis, malware analysis, and packet inspection.
• Solid grasp of attacker tactics, techniques, and procedures (TTPs), threat modeling, and behavior analytics.
• Familiarity with scripting or automation (Python, PowerShell, Bash) is an advantage.
• Experience with Windows, Linux, and cloud environments (AWS/Azure security monitoring).

Soft Skills:

• Excellent analytical and problem-solving skills.
• Strong written and verbal communication, including report writing.
• Ability to lead investigations and influence cross-functional teams under pressure.

Preferred Experience:

• 4–6+ years of experience in SOC operations, incident response, or threat detection.
• Experience working in or leading incident response within a 24x7 SOC or MSSP environment.
• Prior involvement in threat hunting or red/purple team collaboration is a strong plus.