Atcon Global - Cyber Security Consultant

Company: Atcon Global
Job category: Full-time
Start Date: ASAP

Context of the mission/Objective(s) of the job
As part of its activities, Client is looking for a Cybersecurity Engineer.
The mission should start as soon as possible, and for a period of 2 years with the possibility of extension, on a full-time basis.
Part of the mission may, in consultation with the manager, be done remotely but a presence on the Gosselies site for a minimum of 2 days a week is mandatory.
Additional days of on-site presence may be requested from the consultant, depending on the needs of the department (on an ad hoc basis).
As the Gosselies site is not easily accessible by public transport, the possession of a driver's license and a vehicle will be required for travel. Travel to other sites is possible.
As a Cybersecurity Engineer or Information Security Engineer, you will play a crucial role in protecting organizations from cyber threats. Your expertise will help protect sensitive data, systems, and networks, identify threats and vulnerabilities in systems and software, and then apply your skills to developing and implementing high-tech solutions to defend against hacking, malware and ransomware, insider threats, and all types of cybercrime.

Responsibilities
As a member of the Cyber Defense team, you will need to be able to adequately respond to cybersecurity incidents by working collaboratively with other departments and services and all possible stakeholders.

This includes:
  • Investigate and respond to security incidents, including malware infections, network intrusions, and data breaches.
  • Conduct investigations and analysis of security incidents, including analysis of phishing emails and security alerts (SIEM, EDR, etc.).
  • Work closely with other teams within the organization to identify and mitigate security risks.
  • Develop and implement incident response procedures and provide guidance to others in the organization on security best practices.
SOC Engineering:
  • You will play a critical role in ensuring that the organization's security posture remains strong.
  • You will develop, maintain, and optimize our SIEM and EDR systems to ensure rapid detection and response to security incidents. This will involve creating and maintaining use cases and detection rules (based on the MITRE ATT&CK framework), as well as writing playbooks for the SOC team to ensure a consistent and effective response to incidents.
  • In addition, you will automate the response to SIEM and EDR events as much as possible, allowing the cyber defense team to focus on the essentials.

Threat Detection and Hunting
As a cybersecurity engineer, you will also be responsible for detecting and hunting for threats.
  • You will use your security operations expertise to proactively identify threats and vulnerabilities within the organization's infrastructure using SIEM and custom detection tools. This will involve conducting regular threat hunting exercises to detect potential threats that may have escaped detection by traditional security measures.
  • You will use a variety of tools and techniques to collect and analyze security data to identify anomalous behavior and potential indicators of compromise.
  • In addition, you will work closely with the third-party SOC team to investigate potential security incidents and provide guidance on threat remediation and mitigation strategies.
  • You are able to read and understand logs (Windows, Linux, network, etc.) and analyze system artifacts for signs of compromise.
Projects: In addition to the core team activities mentioned above, you will also contribute to different projects depending on the needs of the team. This can include deploying new products or platforms, maintaining them, and automating manual tasks.

Requirement
Technical Skills:
  • Strong analytical and problem-solving skills, with the ability to identify and respond to security incidents in a timely and effective manner.
  • Strong knowledge of security technologies and tools such as Firewalls, VPN, data loss prevention, IDS/IPS, Web-Proxy, MDR & XDR and security audits.
  • Strong understanding of network protocols and technologies, as well as operating systems.
  • Experience with security incident response tools and techniques, including forensic analysis and/or malware analysis.
  • Experience in threat hunting and ability to identify and investigate suspicious activity on the network and systems.
  • Experience with SOC engineering and identifying gaps in our detection capabilities, as well as the ability to automate alert processing.
  • Experience with one or more scripting languages: Python, Bash, PowerShell.
  • Familiar with cloud security and Zero Trust concepts.
Soft Skills:
  • Passionate about security monitoring, digital forensics, incident response, and threat intelligence.
  • Ability to work under pressure in a fast-paced environment.
  • Great attention to detail and exceptional problem-solving skills.
  • Fluency in spoken and written French and English.
Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.

Experience:
  • Minimum of 3 years of experience in a security-related role, with a focus on incident response and analysis.
  • Relevant certifications, such as GCIH, GCFE, GCFA, GNFA, GCIA, GREM or similar, are a plus.