Detection Engineer, KQL Expert

Published on Jan 22, 2025

Core SOC - SIEM Cloud monitoring expert

1/ Context
Cyber Defense within Group Operations is sourcing, on behalf of the group's Global Security Operations Center (SOC), a resource to extend the Global SOC Platform to public cloud security monitoring for AWS, Azure and Google Cloud logs and alerts.

The project is in its development phase, where additional resources are needed to develop and build the public cloud security use cases and response playbooks, and to carry out the end-to-end test plan, including user acceptance criteria and deployment to production.

Objectives
- Support the project delivery to extend the existing Global Security Platform (Azure Sentinel) to monitor public cloud logs and alerts
- Design and develop the detection rules and response playbooks in alignment with the selected security use cases

2/ Service Main tasks

Working closely with the program team, the existing Cyber Defense team and the external partners, the Public Cloud Security service will lead and support the following tasks, following the group's internal use case factory outlined below.
- Assess the existing cloud use cases
- Document the use case specifications
- Build the required detection rules where needed
- Develop the response playbooks needed to react to detected incidents
- Build and perform the end-to-end test plan and user acceptance
- Fine-tune and readjust the detection rules and playbooks as needed
- Ensure a smooth user acceptance and production deployment

3/ Service Main Deliverables
- Build detection rules in alignment with the selected use cases for GCP and Red Hat OpenShift
- Build the appropriate response playbook and Silva ticket to manage security incidents
- Build and perform a detailed test plan for the developed detection rules and response playbook
- Coordinate and manage the technical handover and user acceptance criteria to move to production / Business As Usual

4/ Required Expertise

- Expertise in KQL and detection engineering (MANDATORY)
- Use case development in Azure Sentinel
- Writing of the associated playbooks
- Expertise in cloud providers and their associated security solutions: AWS, Azure, GCP, Azure Security Center, GuardDuty
- Expertise in SOC activities: triage, investigation and response
- Testing approach and user acceptance
- MITRE ATT&CK techniques

We are SThree, the global partner for specialist STEM talent.

We connect sought-after specialists in science, technology, engineering and mathematics with dynamic organisations through our brands (Computer Futures, Huxley and Real Staffing).

We recruit highly skilled professionals, contract or permanent, when and where they are needed.

By bringing skilled people together, we raise the level of expertise and accelerate progress for everyone. That is how we build the future.

Proposed daily rate
650€

Sub-domain
Cybersecurity engineer

Location
Paris, Île-de-France
