Job Description
As a Senior SOC Analyst, you will play a key role in detecting, analyzing, and responding to cybersecurity incidents across IDEMIA's global environments (Office, R&D, Production, Cloud). You will also dedicate some time to improving detection, response, and automation capabilities, helping evolve our SOC into a proactive, automation-driven defense center.
Key Responsibilities -
Incident Detection & Response -
- Monitor and triage security alerts from multiple sources including Cortex XSIAM, SIEM, EDR, and SOAR platforms, ensuring accurate prioritization and response.
- Lead complex incident investigations, including advanced persistent threats (APT), lateral movement, privilege escalation, and data exfiltration scenarios.
- Perform in-depth forensic analysis on endpoints, logs, and network traffic to identify root causes and attack vectors.
- Correlate multi-source telemetry (e.g., endpoint, cloud, identity, email) to reconstruct attack timelines and identify impacted assets.
- Coordinate incident response activities with internal stakeholders, including IT, business units, and legal/compliance teams.
- Drive and oversee external MSSPs (SOC, CTI, web monitoring, and third-party forensic providers) to ensure timely, high-quality support during investigations and threat monitoring.
- Ensure alignment and escalation processes between internal teams and MSSPs are well-defined, efficient, and continuously improved.
- Document and communicate incident findings, including impact assessments, containment actions, and lessons learned.
- Contribute to post-incident reviews and ensure implementation of corrective actions and detection improvements.
Continuous Improvement and projects -
- Lead technical initiatives to enhance SOC capabilities, including development of advanced detection rules, enrichment pipelines, and automated response playbooks.
- Develop and refine detection logic using behavioral analytics, threat intelligence, and MITRE ATT&CK mapping.
- Drive end-to-end projects to optimize incident response workflows using Cortex XSIAM, ensuring measurable improvements in response time and accuracy.
- Design and implement integrations between SOC tools (e.g., SIEM, EDR, CTI platforms, SIRP) to improve alert workflow and reduce latency.
- Conduct regular gap analyses on detection coverage and propose technical solutions to address blind spots across cloud, endpoint, and network layers.
- Automate repetitive SOC tasks using scripting (e.g., Python, PowerShell) and SOAR workflows to improve analyst efficiency and reduce MTTR.
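The kind of correlation and automation work the responsibilities above describe (pulling endpoint, identity, email and cloud telemetry into one timeline, tagging each step with a MITRE ATT&CK technique and listing the impacted assets) can be illustrated with a small script. This is an added example, not IDEMIA's code and not a Cortex XSIAM or XSOAR integration; the log field names, the ATT&CK mapping rules and the sample events are all constructed assumptions chosen to show how a correlation pipeline normalizes timestamps and principals across sources.

```python
"""Correlate multi-source telemetry into an ATT&CK-tagged attack timeline.

Added example: not IDEMIA's or Palo Alto Networks' code. Field names,
timestamp formats and technique mappings are assumptions; the events
below are constructed sample data, not real telemetry.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed telemetry. Each source has its own timestamp format and naming,
# which is the normal situation when joining mail gateway, IdP, EDR and cloud
# audit logs. One event belongs to a different user and must be filtered out.
RAW_EVENTS = [
    {"source": "email", "ts": 1719230400000, "recipient": "j.doe@corp.example",
     "subject": "Invoice overdue", "attachment": "invoice.docm", "verdict": "delivered"},
    {"source": "identity", "time": "2024-06-24T14:25:10+02:00", "user": "j.doe",
     "result": "SUCCESS", "src_ip": "198.51.100.23", "mfa": False},
    {"source": "identity", "time": "2024-06-24T14:30:00+02:00", "user": "a.smith",
     "result": "SUCCESS", "src_ip": "10.0.0.5", "mfa": True},
    {"source": "endpoint", "@timestamp": "2024-06-24T12:26:41Z", "host": "WS-0142",
     "user": "CORP\\j.doe", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell -nop -w hidden -enc JABjAD0A"},
    {"source": "endpoint", "@timestamp": "2024-06-24T12:31:05Z", "host": "WS-0142",
     "user": "CORP\\j.doe", "parent": "powershell.exe", "image": "rundll32.exe",
     "cmdline": "rundll32 comsvcs.dll MiniDump 624 C:\\Windows\\Temp\\l.dmp full"},
    {"source": "cloud", "eventTime": 1719232500, "principal": "j.doe",
     "eventName": "GetObject", "bucket": "finance-exports", "bytes": 734003200},
]


def parse_ts(ev: dict) -> datetime:
    """Normalize every source's timestamp to an aware UTC datetime."""
    src = ev["source"]
    if src == "email":      # epoch milliseconds
        return datetime.fromtimestamp(ev["ts"] / 1000, tz=timezone.utc)
    if src == "identity":   # ISO-8601 with a local offset
        return datetime.fromisoformat(ev["time"]).astimezone(timezone.utc)
    if src == "endpoint":   # ISO-8601 with a trailing Z
        return datetime.fromisoformat(ev["@timestamp"].replace("Z", "+00:00"))
    if src == "cloud":      # epoch seconds
        return datetime.fromtimestamp(ev["eventTime"], tz=timezone.utc)
    raise ValueError(f"unknown source {src!r}")


def principal(ev: dict) -> str:
    """Reduce the differing user representations to one pivot key."""
    src = ev["source"]
    if src == "email":
        return ev["recipient"].split("@", 1)[0]
    if src == "endpoint":
        return ev["user"].split("\\")[-1]       # strip the DOMAIN\ prefix
    return ev.get("user") or ev["principal"]


def technique(ev: dict) -> str | None:
    """Assumed, deliberately simple detection rules mapped to ATT&CK IDs."""
    src = ev["source"]
    if src == "email" and ev.get("attachment", "").lower().endswith((".docm", ".xlsm", ".lnk")):
        return "T1566.001"  # Phishing: Spearphishing Attachment
    if src == "identity" and ev.get("result") == "SUCCESS" and not ev.get("mfa", True):
        return "T1078"      # Valid Accounts (password-only sign-in)
    if src == "endpoint":
        cmd = ev["cmdline"].lower()
        if ev["parent"].upper() == "WINWORD.EXE" and ev["image"].lower() == "powershell.exe":
            return "T1059.001"  # Office spawning PowerShell
        if "comsvcs" in cmd and "minidump" in cmd:
            return "T1003.001"  # LSASS memory dump via comsvcs.dll
    if src == "cloud" and ev.get("eventName") == "GetObject" and ev.get("bytes", 0) > 100 * 2**20:
        return "T1530"      # Data from Cloud Storage (bulk object read)
    return None


def summarize(ev: dict) -> str:
    src = ev["source"]
    if src == "email":
        return f"mail '{ev['subject']}' with {ev['attachment']} {ev['verdict']}"
    if src == "identity":
        return f"sign-in {ev['result']} from {ev['src_ip']} mfa={ev['mfa']}"
    if src == "endpoint":
        return f"{ev['parent']} -> {ev['image']}: {ev['cmdline']}"
    return f"{ev['eventName']} {ev['bucket']} ({ev['bytes']} bytes)"


@dataclass
class TimelineEntry:
    when: datetime
    source: str
    asset: str | None       # host or storage bucket touched by the event
    technique: str | None
    summary: str


def build_timeline(events: list[dict], pivot_user: str) -> list[TimelineEntry]:
    """Keep the pivot user's events from every source, ordered in UTC."""
    entries = [
        TimelineEntry(parse_ts(ev), ev["source"], ev.get("host") or ev.get("bucket"),
                      technique(ev), summarize(ev))
        for ev in events if principal(ev) == pivot_user
    ]
    return sorted(entries, key=lambda e: e.when)


def impacted_assets(timeline: list[TimelineEntry]) -> set[str]:
    return {e.asset for e in timeline if e.asset and e.technique}


def dwell_minutes(timeline: list[TimelineEntry]) -> int:
    """Minutes between the first and last technique-tagged event."""
    tagged = [e.when for e in timeline if e.technique]
    return int((max(tagged) - min(tagged)).total_seconds() // 60) if tagged else 0


if __name__ == "__main__":
    tl = build_timeline(RAW_EVENTS, "j.doe")
    for e in tl:
        print(e.when.strftime("%H:%M:%SZ"), e.source.ljust(8), (e.technique or "-").ljust(9), e.summary)
    print("impacted assets:", sorted(impacted_assets(tl)))
    print("dwell (min):", dwell_minutes(tl))
```

Run as-is it prints the five pivoted events from phishing delivery through credential dumping to the bulk bucket read, with WS-0142 and finance-exports as the impacted assets. In a real SOAR playbook the same normalization step is what lets a single enrichment (for example, tagging the host as isolated) propagate to every source's alert; the brittle part is always `parse_ts` and `principal`, which is why the rules above keep those two functions separate from the detection logic.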
Required Skills & Experience -
- 4 to 8 years of experience in SOC operations or incident response.
- Proven experience with Cortex XSIAM, or strong hands-on experience with Cortex XDR/XSOAR or equivalent EDR/SIEM/SOAR platforms.
- Strong knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, NIST).
- Experience in handling high-impact or rare incidents.
- Proficiency in log analysis, threat hunting, and root cause analysis.
- Familiarity with scripting (Python, PowerShell) and automation.
Qualifications -
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
- Relevant certifications (e.g., CEH, GCIA, GCIH, CySA+, CISSP, PCSAE) are a plus.
Scope & Conditions -
- Geographical Scope: Global
- Work Schedule: 24/7 team with follow-the-sun model; on-call duty required during weekends.
- Language: Fluent in English; 95% of daily activities are conducted in English.