Details of the offer: Cybersecurity Incident Response Officer, Level 2/3 (M/F), at the Ministère de la justice in Paris

The Information Security and Safety Office (B2SI) reports directly to the Head of the Digital Department (SNUM) and is placed under the responsibility of the General Manager of Information Systems Security (RGSSI). The RGSSI orchestrates the policy and governance of IT security and cyber security for the SNUM, in conjunction with the FSSI teams and the CISOs (RSSIs) of the other departments. This office, made up of experts in cyber security and digital security, supports the SNUM departments as well as the business departments in the Ministry's digital transformation projects and programs.

The B2SI is made up of a Head of Office (who is also the RGSSI), a Deputy RGSSI, a Deputy Head of Office, the DPD (data protection officer) of the SNUM, and three poles:
- The Studies and Projects pole, which brings together the CISOs, the SSI certification project managers and the digital risk management project manager;
- The CSO pole (Security Operations Center, the Ministry's SOC), which brings together the cyber incident analysts, the cyber security incident response team and the technical architects in charge of rebuilding and improving the Ministry's SOC;
- The PDP (Personal Data Protection) unit, led by the DPD of the SNUM, with a personal data protection officer and an apprentice GDPR lawyer.
Within the B2SI, the CSO carries out the following missions:
- Technical expertise, by contributing to the definition of the Ministry of Justice's defense strategy;
- Prevention, alerting, analysis, reaction and response to events affecting the information systems security (SSI) of the Ministry of Justice;
- Management of security audits and penetration tests;
- Management of the environments hosting logs and traces (analysis, extraction, processing);
- Tracking of alerts issued by ANSSI's CERT;
- Monitoring of the SNUM's commitments on the security of the Ministry of Justice's environments;
- Advice and assistance to the SNUM departments and to the RSSIs of the business departments (DSP, DAP, DPJJ, DACS, DACG, IGJ) in the analysis of cyber security incidents;
- Implementation of security dashboards: incidents, vulnerabilities, remediation actions, etc.

Assignment: as part of the support provided to the SNUM departments, the business lines and the General Secretariat of the Ministry of Justice in securing their information systems, you will report to the head of the CSO. Your role will be to prevent, detect and respond to information system security incidents, in coordination with ANSSI and the RSSIs. You will contribute to the actions taken to reduce vulnerabilities, to security monitoring, and to the response to cyber security incidents.

To do this, you will be responsible for:
- Managing detection and reaction actions in response to any IS security event, in conjunction with the teams operating the IS and the business lines;
- Monitoring and analyzing security incidents on the IS of the Ministry of Justice and its public establishments;
- Performing active OSINT searches for new malicious code;
- Carrying out investigations with the analyst teams;
- Ensuring that every cybersecurity incident is handled quickly and effectively, in close collaboration with ANSSI, the HFDS teams, the CISOs of the Ministry of Justice's directorates and the SNUM departments;
- Deploying reverse engineering tools and platforms suited to the technologies involved;
- Developing reverse engineering methodologies;
- Carrying out analyses and searches for vulnerabilities that may affect any of the Ministry of Justice's systems;
- Analyzing malicious code discovered during investigations or, more broadly, attributed to specific attacker groups;
- Writing reports presenting the results and proposing, together with the business teams and the RSSIs of the departments, the changes and corrections to be implemented;
- Contributing to security monitoring on cyber threat topics, in particular threat intelligence;
- Taking part in crisis management in the event of a major security incident;
- Contributing to the continuous improvement of the CERT by proposing changes and developing new activities;
- Keeping the team's tools and documentation in operational condition;
- Alerting the head of the CSO in the event of a risk or significant difficulty.

Required skills:
- Writing skills (reports, summaries, specifications, etc.);
- Interpersonal skills (running meetings, negotiating with external stakeholders);
- Being proactive and taking part in the deployment of new incident response tools and analyses;
- Mastery of the following tools: Splunk, Splunk Enterprise Security (ES) and Elasticsearch;
- Performing penetration tests.