Technical Lead – Advanced Analytics (SOC)

Singapore, Singapore

Job Description

Ensign is hiring!
Key Responsibilities
1. Technical Leadership and Delivery
  • Provide hands-on technical leadership in the design, deployment, and optimization of SOC-related technologies (SIEM, SOAR, TIP, UEBA, BAS, Data Streaming, etc.).
  • Act as the technical authority for solution design, integration, and performance validation across hybrid and multi-cloud environments.
  • Lead complex client implementations, ensuring solutions meet functional and security requirements.
  • Mentor and guide engineers in advanced SOC technologies, detection engineering, and automation best practices.
  • Support project managers in technical planning, risk mitigation, and quality assurance.
2. Advanced Analytics Engineering
  • Develop and fine-tune advanced detection, correlation, and automation content for SOC platforms.
  • Build and enhance Detection-as-Code and Automated Response Frameworks, integrating with AI/ML and Threat Intelligence pipelines.
  • Design and implement scalable data pipelines and enrichment workflows to support large-scale analytics.
  • Conduct architecture and performance reviews to continuously improve visibility, detection fidelity, and response efficiency.
3. Presales and Solution Design
  • Collaborate with sales and solution teams to participate in technical discussions, proof-of-value (POV) exercises, and proposal development.
  • Design solution architectures, prepare BOMs, and develop scopes of work (SOWs) for client proposals and tenders.
  • Deliver technical presentations, demonstrations, and workshops to clients and prospects.
  • Evaluate emerging technologies and recommend innovations to enhance SOC capabilities.
4. Technical Governance and Support
  • Establish and maintain governance frameworks for detection content, response playbooks, and integrations.
  • Provide advanced troubleshooting and escalation support for complex SOC environments.
  • Develop and maintain detailed technical documentation, configuration baselines, and operational guides.
Qualifications and Requirements
  • Bachelor's Degree in Computer Science, Information Technology, or Cybersecurity, or equivalent experience.
  • 5-8 years of hands-on cybersecurity experience, including deployment and management of SOC technologies.
  • Proven technical leadership in SOC engineering or advanced analytics domains.
  • Deep expertise in at least two of the following:
      • SIEM/XDR/UEBA: Splunk, Elastic, Exabeam, Microsoft Sentinel, Google SecOps, CrowdStrike, Palo Alto XDR
      • SOAR: Cortex XSOAR, Splunk SOAR, or equivalents
      • TIP: Anomali, EclecticIQ, or similar platforms
      • BAS/Data Streaming: Cymulate, AttackIQ, Cribl, Confluent, etc.
  • Experience with DevSecOps, CI/CD automation, or Cloud environments (AWS, Azure, GCP).
  • Strong problem-solving and troubleshooting skills, capable of resolving complex technical escalations.
  • Excellent communication and documentation skills; comfortable engaging with technical and non-technical stakeholders.
  • Professional certifications such as SANS, ISC2, Splunk, Elastic, or Cloud Security credentials are advantageous.
  • A passion for cybersecurity innovation, continuous learning, and elevating technical standards across the team.



Job Detail

  • Job Id
    JD1658490
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned