Pour accompagner notre client pour une mission longue, nous recherchons un Ingénieur Cyber Threats Detection
Le poste
Descriptif mission :
You will join the CSIRT to support the manager in charge of maintaining and enhancing cyber threats detection.
Missions:
- Create custom analytic rules to detect threats.
- Continuously develop and test detection logic and tooling.
- Drive the improvement of our detection framework, its methodologies, and life cycles.
- Guide and support for analysts in release, implementation, and tuning phases
- Contribute to the review and lessons learned of penetration tests and purple team engagements.
- Conduct knowledge-sharing sessions for edge cases from emerging threats.
- Contribute to the assessment and improvement of telemetry gaps
Compétences requises :
Translate threat intelligence into actionable detection logic.
Working knowledge of at least one major programming language, and scripting languages like Python and PowerShell.
Good understanding of Windows and Linux operating systems.
Knowledge of attacker tools, techniques and procedures.
Knowledge of Active Directory threats.
Knowledge of UEBA and AI/ML for threats detection is advantageous.
Knowledge of cloud infrastructure, cloud security and cloud APIs is advantageous.
Strong team working skills with ability to build trusted relationships with people and groups with diverse backgrounds, and to influence at operations and management level.
Professional, with attention to detail - always seeking quality and excellence in their work.
Collaborative and engaging approach to problem solving and a willingness to work as part of the team.
Passionate for divers
Profil recherché
Niveau d'expérience requise :
5 years experience in CSOC/CSIRT/CERT with 2 years as a detection engineer.
XQL and/or AQL and Sigma experience is a must.
Experience with telemetry/logs produced by platforms (OS, SysMon, firewalls, WebProxy, etc.) and detection capabilities based on network (IDS, NDR, etc.) and endpoints (EDR, XDR) is a must.
Experience working with MITRE ATT&CK framework.
Experience working with Caldera, Gitlab and SOAR.
