SECURITY ANALYST (INTERMEDIATE)

Position Description.
The SOC security analyst contributes to the realization of thorough analysis / investigations leading to proper and timely qualification of alerts / incidents; and to the identification of appropriate / pragmatic actions / recommendations for timely remediation of true positive incidents.
Also, the SOC security analyst contributes to the design, the implementation and the maintenance of up to date of IT infrastructures security incidents operational procedures, so called “Playbooks” (i.
.
how to manage IDS, AV alerts; how to perform investigations using RSA; etc…).
In the end, the SOC security analyst contributes to the production and communication of SOC activity related clear information either included in regular weekly and monthly dashboards; or in specific security events extracts / reports answering specific stakeholders needs.
Your future duties and responsibilities.
-Management of IT infrastructures security events / incidents -Monitoring of IT security events; specifically alerts triggered by our SIEMs (e.
.
alerts on the following area.
IDS; AV - Virus infections, intrusions, EDR incident) -Day to day events / alerts analysis in order to identify false and true positives (e.
.
in the case of IDS alert, is it a real attack attempt?) and escalation using contextual and threat intelligence -Ensure investigation steps are clearly documented and accurately escalated when needed -Recommend detection mechanism for exploit or intrusion related attempts -Execute operational processes in support of response efforts to identified security incidents -Design and implementation of IT infrastructures security incidents operational procedures (i.
.
how to manage IDS, AV alerts; how to perform investigations using our SIEM; etc…) -Produce weekly and monthly dashboard on the SOC IT security / incidents activity; e.
.
KRIs on IDS and AV alerts -Management of SOC tools -Development / customization / maintenance of correlation rules -Managing IDS, AV policy, EDR policy, Deceptive solution -Engages with other internal and external parties to get and share information to improve processes and detections -Propose solution to automate process where possible Required qualifications to be successful in this role.
COMPETENCIES Required.
-Experience in the management of IT infrastructures security events / incidents -Strong working knowledge of.
-TCP/IP fundamentals -Network and OS Level Exploits -IS Security (knowledge of IT security principles, best practices, tools that are used in securing IT resources) and related risks -Good oral and written communication skills -Client Focus -Team work -Analytical thinkinG -Willing to learn -Ability to communicate clearly with technical teams and with non technical stakeholders.
-Follow agreed security best practice and SOC processes -Ability to work unsupervised and under pressure Desired.
-Previous experience as SOC analyst -Splunk experience -Development/Scripting skills (e.
.
Powershell and/or python) TECHNICAL SKILLS Required.
-Knowledge of SIEM products (e.
.
Splunk, Microsoft Sentinel) -Knowledge of SOAR SIRP is a plus -Knowledge of network security products (SourceFire IDS/IPS; Cisco, Firewall,Proxies..) -Good knowledge of network basics (OSI, NAT, …) -Knowledge of network packets analysis (Wireshark, TcpDump, …) -Cloud monitoring experience is a plus PRIOR WORK EXPERIENCE Required.
-2/5+ years in IT infrastructures security ideally in a SOC; specifically in the management of IT infrastructures security events / incidents and the management of SIEM platforms (preferably in a SOC team) EDUCATION Required.
-Bachelor's degree in computer science, IT or IS -Strong interest in Information Security or Information Technology Desired -Specialization in Information Systems Security LANGUAGE.
French and English Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.
#LI-BZ1 Bilingualism (French and English) is required for this position due to the nature of the role requiring interaction with national and global clients.
Skills.
PowerShell PowerShell Security Infrastructure Supprt Splunk TCP/IP Wireshark What you can expect from us.
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging.
Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life.
That’s why we call ourselves CGI Partners rather than employees.
We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value.
You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last.
You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we recognize the richness that diversity brings.
We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities.
As an equal-opportunity employer, we want to empower all our members to succeed and grow.
If you require an accommodation at any point during the recruitment process, please let us know.
We will be happy to assist.
Come join our team—one of the largest IT and business consulting services firms in the world.