Cyber Security : SOC Incident Handler

EQUANS North America

Sterling Heights, MI
Full Time
Paid
  • Responsibilities

    Job Description

    The L2 SOC ANALYST is a member of the Equans Security Operations Center (SOC) which is responsible for handling cybersecurity incidents within the Equans information systems. His/her responsibilities are:

    · Take charge of the cybersecurity incidents entrusted to him/her.
    · Improve the detection & reaction capability of the EQUANS SOC by:
        o Proposing, testing and implementing detection rules;
        o Continually improving remediation playbooks.
    · Propose automation of recurrent processes.

    Mission

    Cybersecurity monitoring:

    · Thoroughly investigate referred incidents.
    · Train with teammates on a regular basis.
    · Analyze and contextualize suspicious behavior for proper understanding.
    · Participate in crisis management via EQUANS Technical cyber crisis unit.
    · Be able to create reports and visualizations of security attacks.
    · Track trends in performance metrics and incident reports.
    · Work to decrease false positive alerts and findings.
    · Carry out other duties assigned by management as required.

    Reports to

    SOC Manager and MBU Chief Information Security Officer (M-CISO)

    Location/Department

    Sterling Heights, MI - Montreal, QC / IT Cybersecurity Services

    Relationship with Departments

    · Participate in committees as a referent.
    · Continuously improve the service provided and report to the SOC Manager.
    · Support the SOC Manager in the preparation of committees.

    Experience and Education

    · One or more qualifications in the field of cyber defense.
    · At least 2 to 7 years of experience in the field of cybersecurity incident response.
    · Comfortable with security equipment and solutions and is familiar with intrusion methods on computer systems and networks.
    · Familiar with SOC procedures and workflow tools.
    · Cybersecurity certifications are a strong advantage.
    · Bachelor's degree in computer science, information systems, engineering, or an equivalent combination of education and experience required.

    Required Skills

    · Have a thorough knowledge of the methods and functions of security equipment.
    · Participate in the improvement and development of process and procedure documentation.
    · Ability to work independently to perform analysis and investigations.
    · Possess an information security and operations mindset.
    · Demonstrate strong technical knowledge of operating systems, SQL, SIEM, scripting, intrusion detection systems, firewalls, proxies, Radius, VPN gateways...
    · Keep a personal watch and share it with the security teams.
    · Ability to multi-task and prioritize.
    · Curious and have good verbal and written communication skills.
    · Keep current with emerging cybersecurity tools, services, guidelines, mandates, standards, regulations, trends, alerts, and issues.
    · Demonstrate problem-solving, critical thinking, and logical structuring skills.
    · Strong communication skills with the ability to engage with system and network administrators, systems users, and managers.
    · Ability to act as a team lead if required.
    · Strong proficiency in conversational and technical English.

    Annex

    Services, as described by FIRST CSIRT Services Framework, in which the Incident Handler will participate are the following.

    7.1. 5 Service Area: Information Security Event Management

    Information Security Event Management aims to identify information security incidents based on the correlation and analysis of security events from a wide variety of event and contextual data sources. In larger organizations, this service area is sometimes fully or partially assigned to a Security Operations Center (SOC), which might additionally also perform first- or even second-level Information Security Incident Management such as initiating mitigations or adjustments of security controls. As any Information Security Incident Management service depends on qualified and accurate data about information security events, the interface between a SOC and the assigned CSIRT is crucial.

    7.2. 6 Service Area: Information Security Incident Management

    This service area is at the heart of any CSIRT and consists of services that are vital in helping constituents during an attack or incident. CSIRTs must be prepared to help and support. Through this unique position and expertise, they can not only collect and evaluate information security incident reports, but also analyze relevant data and perform detailed technical analysis of the incident itself and any artefacts used. From this analysis, mitigation, and steps to recover from the incident can be recommended, and constituents will be supported in applying the recommendations. This also requires a coordination effort with external entities such as peer CSIRTs or security experts, vendors, or PSIRTs to address all aspects and reduce the number of successful attacks later. The special expertise CSIRTs can provide is also critical in addressing (information security) crises. While in many instances a CSIRT will not handle the crisis management, it can support any such activity. Making its contacts available, for example, can greatly improve th

    Company Description

    EQUANS North America is a leader in mechanical and electrical construction, industrial and energy infrastructure, and building services. We are a collaborative group of contracting and operating companies in the US and Canada, with combined revenues of $1.4b in 2021. Our local brands have more than 50 years of historical presence. With our strong regional anchors, we can provide services to customers nationwide thanks to our 4,500 skilled employees based across more than 30 locations. Connect, Power and Protect: we design, install, maintain, and operate complex systems with highest safety standards. EQUANS North America supports a broad range of clients (Public infrastructures, Commercials, Industrials, but also General Contractors) in navigating today’s energy, digital, and industrial transitions. EQUANS North America is a Business Unit of EQUANS Group, the world leader in multi-technical services with 74,000 highly qualified employees and offices in 17 country hubs.