Role Summary
The Managed Detection & Response (MDR) Analyst is responsible for supporting the operation of Ensign's Managed Endpoint Detection & Response services, monitoring security alerts, performing first and second-level analysis, and executing response actions under guidance. The analyst will assist in proactive threat hunting activities, contribute to incident investigations, and continuously improve detection coverage as part of the MDR program team.
This role is ideal for individuals passionate about cyber defense who want hands-on exposure to MDR operations, endpoint security, and SOC incident handling in real-world environments.
Key Responsibilities
MDR Monitoring & Operations
- Monitor Managed Endpoint Detection & Response (MDR) platforms and review alerts for malicious or suspicious activities.
- Perform initial triage, validation, and prioritization of MDR notifications.
- Execute approved response actions (isolate host, kill process, quarantine files, block hashes) in accordance with established playbooks and client agreements.
- Assist in maintaining MDR workflows, documentation, and SOPs.
Incident Analysis & SOC Support
- Act as part of the first responder team for security incidents escalated from SOC monitoring.
- Perform initial to mid-level analysis of security events, logs, and endpoint telemetry to determine impact and severity.
- Liaise with clients where required to communicate incident observations, root cause understanding, and recommended actions under supervision.
Threat Hunting & Detection Support
- Assist in proactive threat hunting activities under guidance from senior analysts.
- Support identification and documentation of Indicators of Compromise (IOCs) and suspicious behaviors.
- Work with threat intelligence teams to operationalize intelligence into MDR detections.
- Contribute ideas to improve alert quality, visibility, and detection coverage.
Operational Readiness & Continuous Improvement
- Assist in identifying gaps in logging, telemetry, and endpoint visibility based on real incidents.
- Participate in development and refinement of response workflows and MDR procedures.
- Support knowledge sharing, case documentation, and lessons-learned activities.
Requirements
- Diploma or Degree in Cyber Security, Computer Science, Information Systems, or related discipline.
- Up to 2 years of experience in SOC operations, EDR/MDR monitoring, cyber defense, or related security operations role. Fresh graduates with strong interest in cyber security are also encouraged to apply.
- Basic understanding of operating systems (Windows, Linux), malware behavior, and network fundamentals.
- Familiarity with SIEM, EDR, or security monitoring tools preferred (CrowdStrike, Microsoft Defender, SentinelOne, etc.).
- Strong analytical mindset with attention to detail and curiosity to investigate.
- Good written and verbal communication skills.
- Ability to work in fast-paced environments with a strong sense of responsibility and teamwork.
Preferred Skills / Advantageous
- Hands-on lab, internship, SOC exposure, or school project experience in cyber defense.
- Basic scripting knowledge (PowerShell, Python) is advantageous.
- Understanding of MITRE ATT&CK framework is beneficial.
- Relevant certifications are a plus (CEH, Security+, GCIA, GCIH, Blue Team certifications, etc.).
Working Conditions
- May require participation in SOC rotation or incident escalation roster depending on operational needs.
- Shift requirements may apply based on client operations.
- Training and mentorship support will be provided
