Extia

SOC Analyst

Portugal · Full-time · Entry

Do you want to join a company that places people at the heart of its concerns? We are waiting for you at Extia!

Extia is an engineering consultancy that, since 2007, has offered an unprecedented approach in its sector by combining well-being and performance at work. A successful model: more than 3000 Extians working in 22 agencies in France and abroad, 1st Great Place To Work® in France, 160 million euros in turnover and plenty of energy!

At Extia, it's "First who, then what", so let's do it!

First who

Required Skills

SIEM/SOAR


  • Strong knowledge of SIEM operating principles
  • Hands-on experience with Splunk and Regex search syntax
  • Practical experience with TheHive or similar platforms


Systems/Networks


  • Solid understanding of network and system architectures
  • Knowledge of intrusion detection probes and event log correlation tools


Security


  • Strong knowledge of the MITRE ATT&CK framework and associated countermeasures
  • Proficiency in information monitoring, analysis tools, and methods
  • Familiarity with security standards across technologies such as web servers, messaging, databases, DNS, proxies, and firewalls


Expertise in one or more of the following areas:

  • Web application vulnerabilities
  • Malware families (rootkits, ransomware, botnets, etc.)
  • Obfuscation and persistence techniques (e.g., cryptography, packing)
  • Digital forensics and investigation tools
  • Sandbox behavioral analysis

Then what

We are looking for an experienced SOC Analyst (Level 2) to join our Security Operations Center (SOC).

The SOC Blue Team is the first line of defense, responsible for protecting the organization’s information systems by maintaining and improving its overall security posture against potential threats and attackers.

Key Responsibilities


Analysis

  • Improve correlation and log analysis rules within Splunk
  • Investigate alerts linked to different Tactics, Techniques, and Procedures (TTPs)
  • Conduct prioritization, in-depth investigations, and compromise research
  • Perform blocking actions as required
  • Execute or interpret first-level scans (Sandbox or manual) on malicious code

Incident Response

  • Communicate and escalate efficiently to management in the case of confirmed incidents
  • Act as a technical reference point for less experienced SOC analysts during investigations
  • Conduct retro-hunting, qualify findings, and analyze incidents to determine root cause, attack vectors, vulnerabilities exploited, and scope of compromise

Key Skills

Ranked by relevance

splunk siem dns
Posted: Sep 25, 2025
Type: Full-time
Level: Entry
Location: Porto
Company: Extia

Industries

IT Services IT Consulting

Categories

Information Technology
