Description de l'annonce:

Our Cybersecurity team is looking for an Incident Response Analyst (m/f) to be based in Tunis.

The Incident Response Analyst will perform IS/IT security incident response tasks within Forvia’s Security Incident Response team (Level 2/3 SOC). This analyst will work closely with the Security Incident and Response Manager. This analyst shall also work with Forvia’s partners, who typically perform EDR detection tasks. He/she shall also contribute to enhance all documentation and procedures and propose/apply all necessary technical improvements to ensure proper responsiveness and efficiency of the team, especially enhancement of playbooks/automation as well as security rules.

Principal Duties and Responsibilities

• Detect and respond to IS/IT security threats within our global corporate landscape, be it production,development or datacenter environments
• Execute on incident response plans, identify root cause and drive mitigations to prevent future occurrences
• Operate on all necessary technologies to identify and respond to IS/IT threats (in particular but not limited to our SIEM Elastic Security and our SOAR Palo Alto XSOAR)
• Request necessary actions and follow up upon execution to other IT teams
• Participate on projects that improve our intrusion detection and incident response capabilities
• Participate on creation and improvement of incident response procedures and remediation workflows – automation, context and orchestration as code
• Participate on creation and improvement of security detection rules on the SIEM
• Be part of Faurecia’s first line of defense. We handle active security events and cutting-edge threats from a variety of sources, and you will be part of a 24/7 on call rotation

The ideal candidate will have/be:

Education and experience

• “Cyber Security” relevant University degree
• Real interest in the field of Cyber Security
• 3 years of experience in Security Incident Response and associated best practices
• Experience in identifying, analyzing, scoping, isolating and eradicating malware or hacking threats
• Understanding of the current threat landscape and adversary tactic, techniques and procedures
• Knowledge of enterprise-scale security technologies and capabilities including SIEM (Elastic), incident management (MISP), SOAR, threat intelligence, packet capture, protocol analysis/NetFlow usage, network and system monitoring and logging, malware analysis, firewalling / network filtering, IDS/IPS
• Capacity to understand, design and enhance incident response processes
• Strong knowledge in Linux, Windows, and network equipment’s operation
• Knowledge in cloud technologies and cloud threat protection
• Knowledge of network and host-based forensic methodologies, user behavioral analysis and other AI/ML oriented cyber security technologies
• Scripting skills (Python is intensively used for our playbooks/automations)

Key competencies

• Stress tolerance
• Methodology, rigor
• Curiosity
• Strong written and oral communication skills
• Teamwork
• Strong critical thinking and problem-solving skills
• Flexibility

Languages
English: fluent