Security Operations Center Analyst

Job Title: SOC Analyst

Job Type: Contract

Job Location: REMOTE or ONSITE

Contract Rate: Euro's 415 REMOTE (1Week quarter onsite) per day/ 550 ONSITE per day

CLIENT REQUIRES EU CITIZENS

We are seeking a technically proficient Cyber Security Alert Handler to join our security operations team. The role involves triaging and managing security alerts using platforms such as Splunk, Sentinel, XSOAR, AWS, Azure, Carbon Black Cloud, Trellix, Sysdig and Microsoft Defender. The ideal candidate will have strong practical experience in security operations, be fluent in English and preferably French, and provide detailed information to the CSIRC team for incident escalation and handling

Key Responsibilities:

1. Alert Triage and Management:

• Monitor and analyze security alerts from Splunk, Sentinel, XSOAR, AWS, Azure, Trellix, Carbon Black Cloud, Sysdig and Microsoft Defender.
• Assess the severity and impact of alerts, prioritizing them for further action.
• Investigate and differentiate between false positives and actual threats.

1. Alert deep analysis and Response:

• Conduct in-depth investigations to identify the root cause of security alerts.
• Propose to CSIRC containment, eradication, and recovery measures.
• Collaborate with the CSIRC team by providing comprehensive alert details for seamless handover.

1. Supporting Alert management Optimization:

• Configure and fine-tune security alerting tools for best performance.
• Stay updated on the latest threats and adjust detection strategies accordingly.
• Regularly review and improve alerting mechanisms to reduce false positives.

1. Documentation and Reporting:

• Maintain detailed records of security alerts, actions taken, and outcomes.
• Prepare and present alert handling playbooks, draft if needed reports, ensuring clarity and thoroughness for CSIRC team follow-up.
• Develop and update standard operating procedures for alert handling.

• Technical Skills:

1. Proven experience with Splunk, Sentinel, XSOAR, AWS, Azure, Carbon Black Cloud, Trellix, Sysdig and Microsoft Defender.
2. Strong understanding of cybersecurity principles, threat landscapes, and best practices.

• Experience in alert handling, and desirably in incident response.
• Prior hands-on experience in a Security Operations Center (SOC) or similar environment.
• Demonstrated ability to manage and respond to security alerts in a high-pressure environment.
• Experience in analyzing network traffic, system logs, and security events.

• Analytical Skills:
• Ability to perform deep-dive analysis of security incidents.
• Strong problem-solving and critical-thinking abilities.

• Communication Skills:
• Fluent in English; proficiency in French is highly desirable.