Location: Bucharest Romania
The people we all rely on to make the world go round rely on Thales. Thales relies on its employees to invent the future: right here, right now.
Present in Romania for over 40 years, Thales is expanding its presence in the country by growing its Digital capabilities and by developing a Group Engineering Competence Centre (ECC). Operating from Bucharest, Thales delivers solutions in a number of core businesses, from ground transportation, space and defence to security and aeronautics.
Several professional opportunities have arisen. If you are looking for the solidity of a Global Group that is at the forefront of innovation, but with the agility of a human structure that tailors to the personal development of its employees and allows opportunities for evolution in an international environment, then this is the place for you!
Integrated in the TDF SOC team, the SOC Lead Analyst will be responsible for incident handling activities under the supervision of a SOC Leader. The SOC Lead Analyst is responsible for technically driving the team of SOC analysts (10 people, with an international footprint) during incident handling, forensic investigations and continuous improvement.
The TDF SOC relies on Microsoft Azure technologies and is mainly used to monitor a digital platform hosted on the Microsoft Azure public cloud.
Main activities:
- Incident handling (from detection to closure): use the implemented tools to monitor events, identify suspicious activities, implement detection rules, analyze alerts and communicate with asset owners to handle incidents.
- Crisis management: the SOC Lead Analyst will be part of the crisis phone book and must be available for on-call duties.
- Reporting: provide visibility on incident statuses, write detailed incident reports and communicate them to stakeholders.
- Monitor security controls: monitor the implementation of security controls, in particular security configurations and antivirus protection deployed on systems.
- Vulnerability management: contribute to the management of known vulnerabilities within the monitored perimeter.
- CTI and threat hunting: gather and analyze intelligence about threats, adversaries and vulnerabilities to enhance organizational defenses. This involves proactively detecting anomalies in network traffic, system logs and user behavior, using the SIEM to investigate and EDR or other security tools to neutralize hidden malicious activities.
- Continuous improvement: lead the continuous improvement of incident handling (from detection to closure), contribute to SOC continuous improvement and contribute to the global security continuous improvement of Thales Digital Factory.
- Delivery management: participate in delivery management processes and cross-team alignment processes.
- Training and awareness: be a technical referent for the team by staying up to date with threats and technological evolutions. Contribute to the security awareness of users.
- On-call for crises
Required skills:
- Technical (MUST):
  - Security logs and event analysis
  - SIEM tools, in particular (SHOULD) Microsoft Sentinel
  - Network and information system security
- Soft skills:
  - Attention to detail and rigor
  - Capacity for multitasking and for working in a crisis environment
  - Communication and explanation of technical subjects to non-experts
Education and experience:
- (MUST) Experience: 5 years in information system cybersecurity, with at least 2 years in incident management.
- (SHOULD) Education: Master 2 in computer science, cybersecurity or a related domain.
- (SHOULD) Certifications: CISSP, SC-200, SC-100
Technical Skills details:
- Scripting languages: proficiency in PowerShell, Python or other scripting languages to automate security tasks. Proficiency in detection rule languages.
- Protocols and standards: knowledge of security protocols (SSL/TLS, IPsec) and standards (ISO 27001, NIST).
- Virtualization and cloud: experience with virtualized environments (VMware, Hyper-V) and cloud platforms (Azure, AWS). Azure certification (AZ series).
- Azure Defender: advanced usage to protect resources against specific threats (VMs, databases, Kubernetes, etc.).
- Identity and Access Management (IAM): implementation and monitoring of roles, permissions and RBAC policies.
- Knowledge of BAS tools: proficiency in tools like Caldera, SafeTitan or AttackIQ to simulate realistic attacks.
- Analysis of complex cyber attacks: in-depth understanding of the tactics, techniques and procedures (TTPs) used by attackers, based on frameworks such as MITRE ATT&CK.
- Threat hunting: implementation of proactive searches to identify threats that evade traditional detection tools. Use of frameworks like MITRE ATT&CK to guide investigations.
- Behavioral analysis: identify anomalies or suspicious patterns in logs and events.
- Use of KQL: build complex queries to analyze data in Azure Sentinel and Log Analytics.
- Analysis of security advisories:
  - Identify and assess alerts and security advisories published by organizations (e.g. Microsoft, CISA, CERT).
  - Prioritize critical advisories based on their potential impact on Azure cloud environments.
  - Coordinate with internal teams to implement patches or workarounds.
Technical details on activities
Monitoring and Analysis:
- SIEM (Sentinel):
  - Configuration and management: configure and manage detection rules, alerts and dashboards in Microsoft Sentinel.
  - Data source integration: integrate various data sources (system logs, network streams, etc.) into Sentinel for comprehensive monitoring.
  - Alert analysis: utilize Sentinel's advanced analytical capabilities to identify and prioritize potential threats.
- Supplementary tools:
  - EDR (Endpoint Detection and Response): use tools like Microsoft Defender for Endpoint to monitor and respond to threats on endpoints.
  - NDR (Network Detection and Response): implement solutions like Darktrace or Vectra for network anomaly detection.
Incident Management:
- Incident response:
  - Automated playbooks: create and use automated playbooks in Sentinel for rapid incident response.
  - Forensic analysis: conduct forensic analyses to understand the origin and impact of security incidents.
  - Coordination: collaborate with IT teams and stakeholders to coordinate incident responses.
- Incident management tools:
  - SOAR (Security Orchestration, Automation and Response): utilize tools like Palo Alto Cortex XSOAR to automate and orchestrate incident responses.
  - Ticketing system: integrate with ticket management systems like ServiceNow to track and document incidents.
Prevention and Continuous Improvement:
- Threat intelligence:
  - Intelligence sources: leverage threat intelligence sources to anticipate attacks.
  - IOCs (Indicators of Compromise): regularly update IOCs in Sentinel to enhance detection capabilities.
YOUR CAREER AT THALES
Joining Thales, you will integrate into a tight-knit team working in an international and friendly environment. Thanks to various teams working on multiple fields and domains, all located in Bucharest, you will be able to evolve and grow your competences in different areas.
- Room for, and attention to, personal development
- The opportunity to grow within the organization, for instance on a technical, managerial or international level, within the various markets Thales is working in
Your immediate benefits
- 24 holiday days a year
- A good work-life balance, which includes flexible working hours and work-from-home options
- A comprehensive compensation and benefits package, including medical coverage
At Thales we provide CAREERS, and not only jobs. With Thales employing 80,000 employees in 68 countries, our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here; apply now!
Required Experience:
IC