Ensure continuous protection of IT systems through daily monitoring and operation of the security information and event management (SIEM) systems;
Ensure continuous monitoring, tuning and maintenance of IDS/IPS instances;
Perform incident response (IR): manage incidents with the ticketing and workflow systems used for IR, collect relevant information, produce reports;
Perform forensic and suspicious file analysis: identify and collect artefacts, perform a technical analysis and feed the results into the incident response process;
Assess the scope of attacks and the affected systems, and collect data for further analysis by the EP-CERT team;
Collaborate with CISO/ICTSECU staff in performing IT security investigations;
Produce regular reporting on event analysis (triage efficiency, false positive rate, real incidents by severity and category, ...);
Develop and optimise SOC systems (e.g. scripts for automated configuration, system analysis, alerting, wiki templates and workflows, automated dashboards);
Define, document and implement operational policies in close collaboration with other CISO/ICTSECU teams and operational entities;
Collaborate in the definition of event correlation rules to automate the detection of specific situations.
Qualifications
University degree (minimum 4 years of post-secondary education) in an ICT-related field, or equivalent.
Min. 4 years of experience as a technical security analyst.
Min. 2 years of experience in the field of incident analysis and response.
Knowledge of English is mandatory; French is desirable.