As a Senior SOC Analyst, you will play a key role in detecting, analyzing, and responding to cybersecurity incidents across IDEMIA's global environments. You will also dedicate some time to improving detection, response, and automation capabilities, helping evolve our SOC into a proactive, automation-driven defense center.
Requirements
- Monitor and triage security alerts from multiple sources including Cortex XSIAM, SIEM, EDR, and SOAR platforms, ensuring accurate prioritization and response.
- Lead complex incident investigations, including advanced persistent threats (APT), lateral movement, privilege escalation, and data exfiltration scenarios.
- Perform in-depth forensic analysis on endpoints, logs, and network traffic to identify root causes and attack vectors.
- Coordinate incident response activities with internal stakeholders, including IT, business units, and legal/compliance teams.
- Drive and oversee external MSSPs (SOC, CTI, web monitoring, and third-party forensic providers) to ensure timely, high-quality support during investigations and threat monitoring.
- Ensure alignment and escalation processes between internal teams and MSSPs are well-defined, efficient, and continuously improved.
- Document and communicate incident findings, including impact assessments, containment actions, and lessons learned.
- Contribute to post-incident reviews and ensure implementation of corrective actions and detection improvements.
- Lead technical initiatives to enhance SOC capabilities, including development of advanced detection rules, enrichment pipelines, and automated response playbooks.
- Develop and refine detection logic using behavioral analytics, threat intelligence, and MITRE ATT&CK mapping.
- Drive end-to-end projects to optimize incident response workflows using Cortex XSIAM, ensuring measurable improvements in response time and accuracy.
- Design and implement integrations between SOC tools (e.g., SIEM, EDR, CTI platforms, SIRP) to improve alert workflow and reduce latency.
- Conduct regular gap analyses on detection coverage and propose technical solutions to address blind spots across cloud, endpoint, and network layers.
- Develop and execute threat hunting campaigns based on MITRE ATT&CK and real-world threat intelligence, with documented hypotheses, findings, and remediation actions.
- Lead proof-of-concept (PoC) evaluations for new security technologies and orchestrators, including performance benchmarking and operational impact assessments.
- Automate repetitive SOC tasks using scripting (e.g., Python, PowerShell) and SOAR workflows to improve analyst efficiency and reduce MTTR.
- Work closely with business teams, IT, and project managers to align SOC improvements with operational needs, project timelines, and risk management priorities.
- Maintain technical documentation and change logs for all improvement initiatives, ensuring traceability and knowledge transfer across the team.