Correlation & Automation Lead

Ensign Infosecurity
Full-time
On-site
Singapore
IT

Ensign is hiring!

Key Responsibilities

  • Perform implementation, maintenance, support and operation of the project's security monitoring use cases
  • Maintain understanding of the architecture and work with the security team to understand the use cases to be created
  • Identify, evaluate and recommend new areas of improvement for the implementation
  • Adhere to the established change management process and other service management processes in day-to-day tasks
  • Create, fine-tune and maintain SIEM data sources, use cases, correlation rules and security alert classifications
  • Review, propose and generate dashboards and reports to automate monitoring of systems, log ingestion and threat intelligence feed ingestion, and to reduce low-value event escalations
  • Build rules and intelligence to detect threats across all monitored assets
  • Implement and devise detection methods for such threats in our security operations through SIEM use cases and similar means
  • Perform periodic analysis of security events, network traffic and logs to engineer new detection methods, or to create efficiencies where available
  • Review and update data enrichment, including use of threat intelligence to enhance the fidelity of detection
  • Review and maintain UEBA data sources and use cases
Requirements

  • At least 3 years of experience in security operations in a SOC environment
  • At least 2 years of experience in creating, fine-tuning and maintaining correlation rules and SIEM dashboards
  • Working experience with regular expressions and/or scripting
  • Strong critical thinking and contextual analysis abilities
  • Strong investigative and analytical problem-solving skills
  • Stakeholder management
  • Meticulous, with an eye for detail
  • Product certification such as Splunk Enterprise Certified Administrator or equivalent
  • Professional certification such as SANS (e.g. GCDA, GCIA, GDSA, GMON) would be an advantage
  • Good understanding of the whole-of-government environment would be an advantage