SOC Developer

Ensign InfoSecurity

Office

Malaysia (Kuala Lumpur)

Full Time

Ensign is hiring!

Key Responsibilities:

  • Develop, customize, and maintain security monitoring content for SIEM and SOAR platforms (e.g., custom rules, alerts, correlation searches, dashboards).

  • Build automation playbooks for incident response using SOAR platforms to reduce response time and analyst workload.

  • Integrate new data sources into SIEM tools and ensure parsing, normalization, and enrichment.

  • Create and maintain scripts and tools to support threat detection, investigation, and reporting.

  • Work with SOC Analysts and Threat Hunters to develop new detection use cases and improve existing ones.

  • Participate in the threat lifecycle, assisting in the development of detection logic based on threat intel and attack techniques (e.g., MITRE ATT&CK).

  • Collaborate with infrastructure and application teams to ensure proper logging and telemetry.

  • Maintain documentation of code, detection logic, use case coverage, and automation workflows.

Requirements:

Education & Certification:

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field.

  • Certifications such as GIAC GMON, GCDA, GCIA, or equivalent are an advantage.

Technical Skills:

  • Strong experience with SIEM technologies (e.g., Splunk, QRadar, ELK).

  • Experience with SOAR platforms (e.g., Cortex XSOAR, Splunk Phantom, IBM Resilient).

  • Proficiency in scripting and development languages such as Python, JavaScript, or Bash.

  • Familiarity with REST APIs, JSON, and integration methods.

  • Understanding of cybersecurity concepts, attack techniques, and defensive strategies.

  • Familiarity with MITRE ATT&CK, cyber threat intelligence, and incident handling workflows.

August 20, 2025