Job Title: Analyste des opérations de sécurité / Security Operations Analyst
Location: Flexible (100% Remote)
Reporting To: Security Engineer

The Security Operations Analyst plays a key role in monitoring, detecting, and responding to security events, including potential incidents. They support security operations through tool configuration, process automation, and the operational implementation of the organization's security and business continuity policies. This role also involves active contribution to vulnerability management and remediation, as well as the execution of tasks related to Identity and Access Management (IAM). The analyst must demonstrate strong technical expertise, operational execution capabilities, and cross-functional coordination skills to maintain and strengthen the organization's overall security posture.

Related Work Roles under the NICE Workforce Framework for Cybersecurity:
- OG-WRL-014 Systems Security Management
- CI-WRL-001 All-Source Analysis
- CI-WRL-002 All-Source Collection Management
- IO-WRL-004 Network Operations
- PD-WRL-004 Infrastructure Support
- PD-WRL-007 Vulnerability Analysis
- PD-WRL-003 Incident Response

Key Responsibilities:

Identity and Access Management
- Enforce authentication policies, including MFA, and monitor authentication logs for anomalies.
- Configure and manage privileged access in alignment with internal policies and procedures, ensuring access is granted on a least-privilege basis.
- Perform periodic reviews of access and privileges to ensure alignment with internal policies, with the goal of limiting excessive access and inappropriate privileges and reducing security risks.
- Establish reporting protocols to enhance visibility into security indicators and to document security measures and system configurations, particularly those related to identity and access management.

Incident Detection, Response & Handling
- Assist in setting up and refining detection rules, aligning log sources, and implementing remediation from external security assessments.
- Act as the first line of response for security events, classifying incidents in accordance with the Incident Response Plan (IRP).
- Participate in tabletop exercises and document post-mortems for operational improvements.
- Contribute to investigations and remediation plans in case of network security incidents.

Security Configurations & Automation
- Assist in operational scripting and tool configuration under the guidance of the Security Engineer.
- Support automation of security tasks, such as patch management, log analysis, and compliance checks, particularly for audits.
- Contribute to the deployment and improvement of correlation rules for the SIEM platform, firewall alerts, IAM policy enforcement, and the use of security orchestration, automation, and response (SOAR) tools.
- Rigorously document configurations in corporate systems and validate their effectiveness.

Asset Inventory Management & Security Monitoring
- Coordinate with Cotality to ensure the continuous update of the enterprise-wide asset inventory, covering on-premises, cloud, network, and endpoint devices, to ensure accurate tracking and security oversight.
- Collaborate with team leaders to maintain an accurate registry of asset owners and asset classification based on our procedures.
- Participate in the deployment and operation of automated asset discovery and monitoring tools, ensuring real-time visibility into newly deployed, modified, or decommissioned assets.
- Contribute to asset lifecycle management by supporting decommissioning, disposal, and secure data wiping processes for retired assets.

Backup & Business Continuity
- Verify that scheduled backups complete successfully and comply with security policies (e.g., encryption at rest and in transit).
- Monitor backup logs for failures or anomalies that could impact disaster recovery (DR).
- Support tabletop exercises and test recoveries to validate business continuity and DR plans.
- Document security configurations related to critical systems for recovery planning.
- Assist in contingency planning for security incidents affecting business operations.

Threat Management and Monitoring
- Maintain threat models and contribute to threat intelligence collection and sharing, ensuring alignment with Cotality's security framework.
- Support vulnerability management by conducting regular assessments, monitoring API vulnerabilities, and assisting with reporting metrics.
- Establish reporting protocols and clear KPIs for vulnerability tracking and resolution.
- Assist in remediating identified vulnerabilities, ensuring timely resolution and documentation for compliance.

Qualifications:
- Educational Background: Bachelor's degree in computer science, cybersecurity, or a related field (equivalent work experience may be considered).
- Experience: 3 to 5 years of experience in security operations, vulnerability management, and incident response across cloud and network security environments. Hands-on experience with SIEM platforms and privileged access management (PAM) solutions. Experience in configuring, maintaining, and monitoring security tools, managing security incidents, and assisting with remediation efforts under the supervision of security engineering.
- Preferred certifications (not required): All profiles will be considered. The certifications listed are indicative of relevant qualifications but may not be attainable at this level of seniority, depending on the applicant's background. They are not required to apply for this opportunity.
  - Security+ (CompTIA)
  - CISSP
  - GSEC
  - CCSP
  - AWS Certified Security, Azure Security Engineer
  - GCIH
  - Certified Ethical Hacker

Technical Skills:
- Strong understanding of vulnerability management processes, including identifying, analyzing, and remediating vulnerabilities using tools such as Qualys.
- Experience assisting in security configurations for firewalls, IAM, and monitoring tools to support daily security operations tasks.
- Ability to implement and optimize detection rules, log correlation, and security alerts in SIEM and security monitoring platforms.
- Familiarity with incident handling procedures, including threat containment, forensic analysis, and root cause investigations.
- Basic knowledge of automation to support operational efficiency (e.g., scripting for log parsing or report generation) is a plus but not required.

Soft Skills:
- Strong problem-solving and analytical abilities, and attention to detail.
- Ability to work independently while following guidance from security engineering.
- Effective communication skills for documenting security incidents, tracking remediation efforts, and collaborating with IT and security teams.

Operational Focus:
- A hands-on approach to security operations.
- A commitment to continuous learning and adapting to emerging threats, evolving security tools, and best practices.