Business Services & Consulting • Addison, TX 75001
12 Month Contract Location: West Houston - I10W and Beltway area (Must be willing to go into the office) The CSIRT (Computer Security Incident Response Team) is responsible for the management of security incidents for the whole group. The CSIRT has offices in Paris, Houston, Radnor and Singapore. The position is to strengthen our present team in Houston. The CSIRT analyst reports to both GIO Security Hub Manager Americas and CSIRT & CyberSOC Manager Director worldwide.
The missions of the CSIRT analyst are the following: Incident handling: Alert qualification: a first level of qualification is done by the L1/L2 teams of our MSSP and advanced qualification is done by CSIRT analysts before generating an incident Investigation: incidents are investigated by members of the CSIRT (L3) in coordination with the local security officers in order to define the exact scope of the incident.
The CSIRT analyst defines for each incident an action plan which aims to collect the artifacts needed on suspicious assets, replay binarie to extract the IOC (Indicator of Compromise), contact local teams of the group for obtaining additional information,...
Remediation: the CSIRT analyst also defines the remediation action plan for a return to normal and pilot remediation actions with technical teams Writing procedures (industrialization): CSIRT analysts enrich existing standard operating procedures (SOP) or create new ones, develop global playbooks, document the IT context of our information system, develop scripts and processes to automate activities, "Sanitary actions: conduct actions to limit or eradicate inappropriate behaviours which are not malicious but generate false positives User awareness: during qualification and incident handling, remind users of the group security policies and of best practices Hunting: CSIRT analysts with the tools at their disposal (SIEM, IDS, PROXY, EDR) identify weak signals Monitoring optimization: CSIRT analysts propose evolutions to our monitoring rules and processes CSIRT tooling: the CSIRT has its own infrastructure (monitoring, malware analysis, ) and CSIRT analysts are involved in its maintenance and evolution by keeping it up and running, by adding new features or new tools (sandbox, scripts...)
Education Requirements MSC in the field of IT security component (or equivalent experience) General Requirements 5-8 years of experience in security operations (with at least 2 years in a CSIRT/CERT/SOC position) Fluency in English mandatory in multicultural environment Knowledge and know-how specific to the position Good knowledge including hands-on experience of traditional safety equipment (Firewall, proxy, reverse proxy, VPN...) Understanding of the generated logs and security architectures.
Good knowledge including hands-on experience of security issues (attacks, vulnerabilities...) Good knowledge of standard protocols (HTTP, FTP, FTP, DNS, SSL...) Good knowledge of Windows / Linux architectures Knowledge of AWS security and/or industrial IT security would be a plus Forensic analysis and analytics is a Plus Certifications: GCIH, GCIA, GCFE / GCFA is a Plus
Excellent communication skills (oral and written) Ability to work in teams (openness, interpersonal) Adaptability to different environments & Technologies A demonstrated ability in successful problem-solving and management of multiple tasks/priorities. Ability to effectively manage a crisis situation (technical problem) Able to think creatively & exploit opportunities Ability to simplify and synthesize complex situations, taking into account all the elements Sense of service. Listening and dialogue to understand needs and problems encountered by users Autonomy and organization in order to better manage its perimeter
12 Month Contract Location: West Houston - I10W and Beltway area (Must be willing to go into the office) The CSIRT (Computer Security Incident Response Team) is responsible for the management of security incidents for the whole group. The CSIRT has offices in Paris, Houston, Radnor and Singapore. The position is to strengthen our present team in Houston. The CSIRT analyst reports to both GIO Security Hub Manager Americas and CSIRT & CyberSOC Manager Director worldwide.
The missions of the CSIRT analyst are the following: Incident handling: Alert qualification: a first level of qualification is done by the L1/L2 teams of our MSSP and advanced qualification is done by CSIRT analysts before generating an incident Investigation: incidents are investigated by members of the CSIRT (L3) in coordination with the local security officers in order to define the exact scope of the incident.
The CSIRT analyst defines for each incident an action plan which aims to collect the artifacts needed on suspicious assets, replay binarie to extract the IOC (Indicator of Compromise), contact local teams of the group for obtaining additional information,...
Remediation: the CSIRT analyst also defines the remediation action plan for a return to normal and pilot remediation actions with technical teams Writing procedures (industrialization): CSIRT analysts enrich existing standard operating procedures (SOP) or create new ones, develop global playbooks, document the IT context of our information system, develop scripts and processes to automate activities, "Sanitary actions: conduct actions to limit or eradicate inappropriate behaviours which are not malicious but generate false positives User awareness: during qualification and incident handling, remind users of the group security policies and of best practices Hunting: CSIRT analysts with the tools at their disposal (SIEM, IDS, PROXY, EDR) identify weak signals Monitoring optimization: CSIRT analysts propose evolutions to our monitoring rules and processes CSIRT tooling: the CSIRT has its own infrastructure (monitoring, malware analysis, ) and CSIRT analysts are involved in its maintenance and evolution by keeping it up and running, by adding new features or new tools (sandbox, scripts...)
Education Requirements MSC in the field of IT security component (or equivalent experience) General Requirements 5-8 years of experience in security operations (with at least 2 years in a CSIRT/CERT/SOC position) Fluency in English mandatory in multicultural environment Knowledge and know-how specific to the position Good knowledge including hands-on experience of traditional safety equipment (Firewall, proxy, reverse proxy, VPN...) Understanding of the generated logs and security architectures.
Good knowledge including hands-on experience of security issues (attacks, vulnerabilities...) Good knowledge of standard protocols (HTTP, FTP, FTP, DNS, SSL...) Good knowledge of Windows / Linux architectures Knowledge of AWS security and/or industrial IT security would be a plus Forensic analysis and analytics is a Plus Certifications: GCIH, GCIA, GCFE / GCFA is a Plus
Excellent communication skills (oral and written) Ability to work in teams (openness, interpersonal) Adaptability to different environments & Technologies A demonstrated ability in successful problem-solving and management of multiple tasks/priorities. Ability to effectively manage a crisis situation (technical problem) Able to think creatively & exploit opportunities Ability to simplify and synthesize complex situations, taking into account all the elements Sense of service. Listening and dialogue to understand needs and problems encountered by users Autonomy and organization in order to better manage its perimeter
