04/22/2024 updated
RO
100 % available
SOC Analyst and consultant
Colombes, France
Worldwide
Master's degree in cyber security
Skills
Splunk, continuous improvement, sensor, SIEM, malware, Cyber security, PCI-DSS, ArcSight, Elasticsearch, AlienVault, Helix, Siemplify, FireEye Security Orchestrator, CISCO SecureX Orchestration, IBM Resilient, EDR/XDR, CrowdStrike, FireEye, Symantec, InsightVM (Rapid7), Qualys, Tenable.sc, Nmap, Wireshark, Metasploit, Nessus, Burp Suite, Volatility, Autopsy, Redline, Snort, MISP, Programming, C, Bash, Python, Web Development, HTML5, CSS3, JavaScript, PHP, WordPress, Django, Flask, Windows and Linux, Cloud: Azure & Office 365
Languages
English: Good
French: Good
Project history
Tasks:
- Digital forensics, incident response and threat hunting
- Incident response procedures and reflex cards creation
- Playbooks development to reduce detection and analysis time
- SIEM solutions evaluation through conducting POCs
- FireEye Endpoint Security MCO (Hosts management, upgrade & policies creation)
- Detection rules implementation and improvement
- Advanced security dashboards and reports building
- Threat intelligence feeds analysis
- Daily meetings conduct and activity reporting
Tasks:
- Analysis, handling and response to security incidents
- Creation and improvement of incident response procedures
- Forensic investigation and malware analysis
- Log sources onboarding and optimization on Splunk
- Detection rules deployment and update on Splunk
- Advanced dashboards and report building on Splunk
- Vulnerability scan and analysis using Rapid7's InsightVM
- Vulnerability remediation plans creation and follow-up
- Analysis of external security information flows (Threat Intelligence)
- Security incidents reporting through conducting daily meetings
Tasks:
- Real-time monitoring of internal and external security events and alerts
- SOC functions improvement through processes and procedures development
- False positives identification and elimination in addition to tuning recommendations
- Collaboration with SOC analysts, MSSP and SecOps teams
- SOAR configuration and playbooks creation
- Containment plans and countermeasures proposal
- Cyber security incidents investigation and root cause analysis
- Incidents reporting for both technical and non-technical staff and stakeholders
- Log sources management (PCI-DSS scope)