As part of the creation of a shared SOC / CSIRT, you will be in charge of the security monitoring of the information systems of our customers.
As such, you will perform the following missions:
• Analysis and interpretation L2 of alerts from the supervision center: analysis of security logs and network flows from SIEM, management of security incidents (Vulnerabilities, DLP, APT, Virus).
• Electronic / Inforensic investigation (log timeline, deep-inspection of workstations and server, anomaly search, system trace analysis, preservation of evidence elements, memory fingerprints etc ...:
• Low signal analysis on BigData (Hadoop / ElasticSearch)
• Answers to inquiries from HR correspondents, Anti Fraud, etc ....
• Watch: Threats, vulnerabilities, IOCs, newsletters.
• Reporting: participation in the writing of monitoring reports of client activities.
• Documentation: writing incident response procedures (reaction in case of major viral incidents, denial of service, intrusion, etc.)
• Maintenance in operational condition: monitoring maintenance operations and updating the SIEM and other security tools that make up the SOC infrastructure.
• Training of the L1 team in the processing of security alerts.
• Linux (90% including Kali), Windows
• SIEM (Qradar / SplunkI
• Nessus, Metasploit, Sqlmap, Prelude, TCPdump, Wireshark
• Checkpoint and Palo Alto firewalls
• IDS / IPS (Suricata / Snort)
• Supervision tools
Bachelor or Master of Science in computer science with a first experience in IT security, you are curious, open-minded, autonomous. You are rigorous in your work and have an analytical capacity to understand new issues.
• Experience in Hardening Open Source Systems
• Very good network knowledge
• Knowledge of MISP and the Alienvault community
• Scraping and crawling knowledge in Python or other scripting language
• Ideally you have OSCP, OSCE, CISSP, CEH, CISM, GIAC, CCSA or CCSE certification
Like all positions in the company, this position is open to people with disabilities.