Experience level: 5-8 years
Availability: ASAP
Contract type: permanent (CDI)
Company presentation:
Klanik is an innovative consulting company specialized in IT and engineering with over 300 employees. Klanik built its success by embracing a new management model. Our consultants have the opportunity to involve themselves as an actor within the company throughout 3 programs:
• Act’in Klanik – a catalog of roles which allows each consultant to take part in Klanik and to be rewarded according to their involvement;
• Knowledge Centre – an internal training center for the consultants by the consultants;
• Korner – a start-up incubator which supports consultants who want to live their entrepreneurial dream.
Klanik focuses on 4 main areas of expertise:
– Application development, where we follow our clients on innovation and strategic subjects;
– DevOps & Cloud, where we assist our clients on methodological and technical aspects;
– Cybersecurity, where we protect and strengthen the integrity of the people, processes and assets through which Klanik achieves its greater mission;
– Data & AI where we help companies in the challenge of processing their data without losing sight of the real business interest of their work.
By joining us, you will take part in the development of a consultant-centric company and work on innovative topics through our mobilized collective intelligence. Finding new talent and ensuring their wellbeing is essential to the company’s strategy.
Job description:
You will carry the following responsibilities:
• Monitor SIEM, EDR, Data Analytics Platforms and DLP solutions for alerts triggered by pre-defined detection use cases;
• Investigate and qualify those alerts for further handling;
• Provide feedback to engineering team for fine-tuning of detection use cases;
• Develop runbooks for handling of security monitoring alerts.
Incident Response & Digital Forensics
• Drive the handling of security incidents by defining and assigning response actions to IT personnel and following-up on their execution;
• For severe incidents, steer and coordinate an ad hoc incident response team to contain, mitigate, eradicate and restore;
• Perform digital forensics on a wide range of assets, but particularly on Windows systems;
• Develop reaction plans for handling of security incidents;
• Retroactively hunt for potential compromises and other security issues based on new threat intelligence gathered by our Threat Analysts.
Threat Collection and Analysis
• Routinely collect cyber threat intelligence using the Group CTI platform.
• Execute threat analysis: identify impacted assets, develop threat scenarios, define a ‘kill chain’ (i.e., a step-by-step analysis of the attack), and prioritize threats.
• Identify existing or missing counter-measures (controls & reaction plans), i.e., map threats to the bank’s specifics: enterprise architecture, vulnerability status, latest incidents.
• Operate and populate a threat knowledge management tool.
• Generate reports and share within the relevant parties in the bank.
Technical Experience – Mandatory (demonstrate general knowledge of most of the following, with deep understanding in at least one or two areas):
• Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.);
• Experience with security incident management as a SPOC in a SOC or CSIRT environment, coordinating incidents towards technical and management teams;
• Experience with reviewing alerts to determine relevancy and urgency by correlating different events and sources
• Experience with advanced detection and mitigation of phishing attacks
• Knowledge of digital forensics practices for Windows systems
• Experience managing incidents via ticketing systems such as HPSM and ServiceNow;
• Ability to clearly write documentation, procedures and knowledgebase articles
• Hands-on malware analysis skills;
• Experience with Use Case Development and Runbook creation
• Familiar with networking concepts, configuration and components
Nice to have:
• Comfortable working in Windows and Linux based systems
• Knowledge of various IDS/IPS such as Cisco Sourcefire and Palo Alto
• Knowledge of log aggregation, SIEM solutions and Digital Analytics Platforms such as Splunk, ArcSight, ELK
• Experience working with EDR solutions like Tanium and McAfee
• Experience with DDoS solutions and services such as Akamai and F5 WAF based application protections
• Practical experience with Threat Hunting
• Basic knowledge of Threat Modelling
• Know how to interpret and analyse Threat Intelligence information and make it actionable via a CTI platform
• Experience with DLP solutions like Symantec DLP
• Knowledgeable about SOAR and automation techniques with Demisto or Cortex XSOAR
• Basic Reverse Engineering skills
Job reference: MQU- Incidence response