Cybersecurity Infrastructure Engineer

Brussels, Brussels, Belgium

Applications have closed

Organize and operate the Security infrastructure components (mainly Splunk SIEM and FirePower IDS):

  • Deploy and manage the various technologies and components used specifically for Security needs;
  • Regularly review and improve the Splunk SIEM detection routine configurations;
  • Ensure that the Security events are properly monitored and that expected log sources are available;
  • Manage changes in a structured and controlled way;
  • Regularly review and upgrade the SIEM configurations with regard to the evolution of the network, servers and applications;
  • Under the supervision of the Leader of the Monitoring team, contribute to the proper management of the SIEM infrastructure.

Draft documentation:

  • Detection routines descriptions;
  • Processes and procedures regarding events analysis and incidents handling.

Interact on a daily basis with the management and other ICT operations teams (network, datacentre, applications and others):

  • Daily review of alerts, notable events, incidents, etc.;
  • Follow-up of detected suspicious activities with ICT operations teams and system/application owners;
  • Escalate potential incidents to the CISO team;
  • Be available for managing unplanned events and work under pressure, occasionally outside normal working hours in case of severe security incidents;
  • Report relevant events to the management.

Requirements

  • Bachelor's level degree in an ICT field;
  • At least 6 years of professional experience in the following specific areas:
    • Log management and SIEM solutions, especially Splunk;
    • Identity and Access management;
    • Endpoint security systems including: antivirus software, host intrusion detection and prevention, data encryption, hardening practices, data protection;
    • Network concepts and the associated security solutions. In particular: Internet/Intranet/Extranet, authentication systems, Firewall, Proxies, Network IDS/IPS, e-mail gateways, IP security, Remote access control;
  • Windows Security:
    • Windows 10 workstation hardening;
    • Windows server hardening;
    • Windows Active Directory management and Security;
    • Logs collection, filtering, aggregation and processing;
  • Linux Security:
    • Linux Security management and hardening;
    • Linux workstations and servers monitoring (logs gathering and processing);
  • Cloud environment:
    • Microsoft cloud environments and security tools (Sentinel, AZAD, Defender, ...);
    • AWS cloud environments and security tools (GuardDuty, Security Hub, ...);
  • Fluency in English; French language knowledge is an advantage.



Perks/benefits: Team events

Region: Europe
Country: Belgium
