IT Security Analyst

Pro Search One, Corp

Houston, TX
Paid
  • Responsibilities

    Missions & Responsibilities

    The CSIRT (Computer Security Incident Response Team) is responsible for the management of security incidents for the whole group. The CSIRT has offices in Paris, Houston, Radnor and Singapore. The position is to strengthen our present team in Houston.

    The missions are:

    • Incident handling:
        • Alert qualification: a first level of qualification is done by the L1/L2 teams of our MSSP, and advanced qualification is done by CSIRT analysts before generating an incident
        • Investigation: incidents are investigated by members of the CSIRT (L3) in coordination with the local security officers in order to define the exact scope of the incident. For each incident, the CSIRT analyst defines an action plan which aims to collect the artifacts needed on suspicious assets, replay binaries to extract the IOCs (Indicators of Compromise), contact local teams of the group to obtain additional information, ...
        • Remediation: the CSIRT analyst also defines the remediation action plan for a return to normal and pilots remediation actions with technical teams
    • Writing procedures (industrialization): CSIRT analysts enrich existing standard operating procedures (SOP) or create new ones, develop global playbooks, document the IT context of our information system, develop scripts and processes to automate activities, …
    • “Sanitary” actions: conduct actions to limit or eradicate inappropriate behaviours which are not malicious but generate false positives
    • User awareness: during qualification and incident handling, remind users of the group security policies and of best practices
    • Hunting: CSIRT analysts use the tools at their disposal (SIEM, IDS, proxy, EDR) to identify weak signals
    • Monitoring optimization: CSIRT analysts propose evolutions to our monitoring rules and processes
    • CSIRT tooling: the CSIRT has its own infrastructure (monitoring, malware analysis, …) and CSIRT analysts are involved in its maintenance and evolution by keeping it up and running and by adding new features or new tools (sandbox, scripts ...)

    Profile and skills

    MSc with an IT security component, or similar experience
    5-8 years of experience in security operations (with at least 2 years in a CSIRT/CERT/SOC position) expected
    Fluency in English is mandatory, in a multicultural environment

    Technical skills

    • Good knowledge of traditional security equipment (firewall, proxy, reverse proxy, VPN ...)
    • Understanding of the generated logs and security architectures
    • Good knowledge of security issues (attacks, vulnerabilities ...)
    • Good knowledge of standard protocols (HTTP, FTP, DNS, SSL ...)
    • Good knowledge of Windows / Linux architectures
    • Knowledge of AWS security and/or industrial IT security would be a plus

    Complementary skills

    • Forensic analysis and analytics
    • Certifications: GCIH, GCIA, GCFE / GCFA

    Skills

    • Excellent communication skills (oral and written)
    • Ability to work in teams (openness, interpersonal skills)
    • Adaptability to different environments and technologies
    • Priority management
    • Initiative in proposing improvements
    • Ability to simplify and synthesize complex situations, taking into account all the elements
    • Sense of service
    • Autonomy