CSIRT Analyst
Job:
Digital and IT / Cybersecurity
<p><span><span>EQUANS</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Equans is a world leader in the energy and services sector, with annual revenues of<span> </span></span><span>nearly €19,2 billion</span><span>* and almost 800,000 projects.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Equans has leading positions in Europe, which is the result of the history of energy construction in these countries, and strong presences in North and South America and in Oceania.</span></span><span> </span></p> <p><span><span>With<span> </span></span><span>nearly 90,000</span><span><span> </span>highly skilled employees, Equans has a strong geographic footprint, anchored by historic local brands. Equans provides its customers with excellent technical<span> </span></span><span>expertise</span><span><span> </span>in the design, installation,<span> </span></span><span>maintenance,</span><span><span> </span>and operation of multi-technical facilities. This<span> </span></span><span>know-how</span><span><span> </span>is based on key skills.<span> </span></span><span>First of all</span><span>, in electrical and thermal engineering - two strong points that help accelerate the reduction of our clients' carbon footprint - but also in </span></span><a href="https://www.equans.com/expertises/hvac" target="_blank"><span><span>ventilation</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/cooling-fire-protection" target="_blank"><span><span>refrigeration</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/mechanical-robotics" target="_blank"><span><span>mechanics and robotics</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/cooling-fire-protection" target="_blank"><span><span>fire protection</span></span></a><span><span>, energy renovation,</span></span><a href="https://www.equans.com/expertises/digital-ict" target="_blank"><span><span> digital solutions</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/digital-ict" target="_blank"><span><span>IT, cyber security and telecommunications</span></span></a><span><span>.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>The combination of<span> </span></span><span>thes</span><span><span> </span></span><span>expertises</span><span><span> </span>allows us to offer efficient and<span> </span></span><span>optimised</span><span><span> </span>solutions at all stages of the energy chain, from production,<span> </span></span><span>storage</span><span><span> </span>and transport to usage.</span></span><span> </span></p> <p><span> </span></p> <p><em><span><span>(*) Turnover 2024<span> </span></span><span>consolidated</span></span></em><span> </span></p> <p><span> </span></p> <p><span> </span></p> <ol> <li><span><span>CSIRT</span><span><span> A</span></span><span>nalyst</span><span><span> </span></span><span>(F/M)</span></span><span> </span></li> </ol> <p><span> </span></p> <p><span><span>Summary of the role</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Within the CSIRT of Equans, you ensure the<span> </span></span><span>initial</span><span><span> </span>detection, preliminary<span> </span></span><span>assessment</span><span><span> </span>and response to IT security incidents.</span></span><span> </span></p> <p><span><span>By examining the technical data collected, you<span> </span></span><span>identify</span><span><span> </span>the attackers' modus operandi,<span> </span></span><span>determine</span><span><span> </span>their<span> </span></span><span>objectives</span><span><span> </span>and evaluate the extent of the attacks in order<span> </span></span><span>in particular to</span><span><span> </span>search within the environment for elements that could<span> </span></span><span>indicate</span><span><span> </span>a potential compromise.</span></span><span> </span></p> <p><span><span>Through an investigation report, you offer recommendations to resolve problems and strengthen the security of affected systems. You suggest actions to take to thwart and resolve the incident, including cleaning and strengthening the security of affected systems.</span></span><span> </span></p> <p><span><span>You carry out constant monitoring of new vulnerabilities, emerging<span> </span></span><span>technologies</span><span><span> </span>and attack methods linked to system components, by developing<span> </span></span><span>appropriate investigation</span><span><span> </span>tools.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>K</span><span>EY METRICS OF THE ENVIRONMENT</span></span><span> </span></p> <p><span> </span></p> <ul> <li><strong><span><span>Identities managed:<span> </span></span></span></strong><span><span>95,000</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Workstations:<span> </span></span></span></strong><span><span>60000</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Servers:<span> </span></span></span></strong><span><span>6500</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Hosting:<span> </span></span></span></strong><span><span>80% of the IT are managed on Azure and AWS </span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Teammates</span><span>:<span> </span></span></span></strong><span><span>4 in France</span><span><span> </span>for a total of 17 people in the CSIRT (3<span> </span></span><span>incident</span><span><span> </span>handlers in Montreal CA)</span></span><span> </span></li> </ul> <ul> <li><span><span>Knowledge</span><span><span> </span>and<span> </span></span><span>toolings</span><span>:</span><span> </span></span><span> </span></li> </ul> <ul> <li><span><span>Must know KQL<span> </span></span><span>queries</span><span> </span></span><span> </span></li> </ul> <ul> <li><span><span>Use of EDR solutions</span></span><span> </span></li> </ul> <ul> <li><span><span>Good<span> </span></span><span>knowledge</span><span><span> </span>of Microsoft<span> </span></span><span>security</span><span><span> </span>solutions </span></span><span> </span></li> </ul> <ul> <li><span><span>Good<span> </span></span><span>knowlegde</span><span><span> </span>of Cloud<span> </span></span><span>environments</span></span><span> </span></li> </ul> <ul> <li><span><span>knowledge</span><span><span> </span>of<span> </span></span><span>Threat</span><span><span> </span>Intelligence platform solution</span></span><span> </span></li> </ul> <ul> <li><span><span>Use of SIRP</span></span><span> </span></li> </ul> <ul> <li><span><span>Use of<span> </span></span><span>Feedly</span><span><span> </span>for cyber<span> </span></span><span>watch</span></span> </li> </ul> <p><span> </span></p> <p><span><span>K</span><span>EY OBJECTIVES & KPIs</span></span><span> </span></p> <p><span> </span></p> <ul> <li><span><span>Leading at least 3 campaigns to improve our overall detection (Defining audit logs,<span> </span></span><span>assist</span><span><span> </span></span><span>Cyberdefense</span><span><span> </span>architects for data collection and parsing,<span> </span></span><span>identifying</span><span><span> </span>risks, use cases and associated detection rules, build incident responses);</span></span><span> </span></li> </ul> <ul> <li><span><span>Carrying out structured threat hunting, based on a hypothesis,<span> </span></span><span>in order to</span><span><span> </span></span><span>identify</span><span><span> </span>weak signals within our environment;</span></span><span> </span></li> </ul> <ul> <li><span><span>Producing every month an internal threat report for a specific Business Unit;</span></span><span> </span></li> </ul> <ul> <li><span><span>Animating public and corporate events to improve our overall visibility and share our insights with other teams;</span></span><span> </span></li> </ul> <ul> <li><span><span>Creating playbooks to improve our incident response processes</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>KEY RESPONSIBILITIES</span></span><span> </span></p> <p><span> </span></p> <ul> <li><span><span>Monitor tactics,<span> </span></span><span>techniques</span><span><span> </span>and procedures (TTP) used by cyber threat actors and their<span> </span></span><span>trends;</span></span><span> </span></li> </ul> <ul> <li><span><span>Carry out structured threat hunting<span> </span></span><span>in order to</span><span><span> </span></span><span>identify</span><span><span> </span>weak signals within our<span> </span></span><span>environment;</span></span><span> </span></li> </ul> <ul> <li><span><span>Enrich and integrate TTPs and indicators of compromise into<span> </span></span><span>monitoring</span><span><span> </span></span><span>tools;</span></span><span> </span></li> </ul> <ul> <li><span><span>Produce actionable reports based on threat intelligence<span> </span></span><span>data;</span></span><span> </span></li> </ul> <ul> <li><span><span>Perform</span><span><span> </span>real-time incident<span> </span></span><span>response</span><span><span> </span></span><span>in<span> </span></span><span>order</span><span><span> </span>to</span><span><span> </span></span><span>participate</span><span><span> </span>in<span> </span></span><span>the<span> </span></span><span>whole</span><span><span> </span></span><span>lifecycle</span><span><span> </span>of the incident</span><span><span> </span>(identification and monitoring of the<span> </span></span><span>attack</span><span><span> </span></span><span>path</span><span>, collection of<span> </span></span><span>artifacts</span><span><span> </span>for<span> </span></span><span>forensic</span><span><span> </span></span><span>analysis</span><span>,<span> </span></span><span>threat</span><span><span> </span></span><span>analysis</span><span><span> </span>and<span> </span></span><span>remediation</span><span><span> </span>actions</span><span>);</span></span><span> </span></li> </ul> <ul> <li><span><span>Propose new rules and means to be implemented to improve our overall<span> </span></span><span>detection;</span></span><span> </span></li> </ul> <ul> <li><span><span>Participate in intrusion tests and red team<span> </span></span><span>missions;</span></span><span> </span></li> </ul> <ul> <li><span><span>Be a<span> </span></span><span>major actor</span><span><span> </span>in</span><span><span> </span>the development of</span><span><span> </span>the threat intelligence<span> </span></span><span>platform;</span></span><span> </span></li> </ul> <ul> <li><span><span>Introduce</span><span><span> </span>information<span> </span></span><span>related to cybersecurity</span><span><span> </span>to improve awareness and implementation of security<span> </span></span><span>practices;</span></span><span> </span></li> </ul> <ul> <li><span><span>Develop and<span> </span></span><span>maintain</span><span><span> </span>relationships with experts or organizations that can help or<span> </span></span><span>participate</span><span><span> </span>in the CSIRT’s<span> </span></span><span>mission;</span></span><span> </span></li> </ul> <ul> <li><span><span>Continuously improve the service provided and report to the CSIRT<span> </span></span><span>manager;</span></span><span> </span></li> </ul> <ul> <li><span><span>Support the CSIRT manager in the preparation of committees</span></span><span> </span></li> </ul> <p><span><span>In conjunction with<span> </span></span><span>Equans <span> </span></span><span>internal teams and partner teams:</span></span><span> </span></p> <ul> <li><span><span>Inform management of suspected incidents and explain the history by providing punctual feedback with the status and potential impact of the<span> </span></span><span>event;</span></span><span> </span></li> </ul> <ul> <li><span><span>Provide advice on disaster recovery,<span> </span></span><span>emergency</span><span><span> </span>and business continuity plans, at the tactical,<span> </span></span><span>operational</span><span><span> </span>and strategic<span> </span></span><span>levels;</span></span><span> </span></li> </ul> <ul> <li><span><span>Recommend measures to<span> </span></span><span>circumvent</span><span><span> </span>and remediate the incident.</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>PROFILE </span></span><span> </span></p> <p><span> </span></p> <p><span><span>Academic background & Experience </span></span><span> </span></p> <p><span><span>Engineering degree (</span><span>Master’s</span><span><span> </span>level or equivalent) in computer science, cybersecurity, information sciences, or a related field. Specialization in Threat Intelligence, threat analysis, or offensive security (e.g., via a Master’s in cybersecurity or certifying programs from ENISA or Romanian universities such as the Polytechnic University of Bucharest) would be a major asset. Continuous training in cybersecurity (MOOCs, bootcamps) is appreciated to<span> </span></span><span>demonstrate</span><span><span> </span>ongoing skill updates.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>At least 3 to 5 years of experience in a similar cybersecurity role, ideally within a CSIRT, SOC, or Threat Intelligence team. Proven<span> </span></span><span>expertise</span><span><span> </span>in Threat Intelligence is essential: you must have hands-on experience in monitoring and analyzing TTPs of cyber threat actors, enriching<span> </span></span><span>IoC</span><span>, and producing actionable reports based on intelligence data.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Behavioral Capabilities</span></span><span> </span></p> <ul> <li><span><span>Excellent problem-solving and analytical skills, with the ability to troubleshoot complex access governance issues and implement effective solutions.</span></span><span> </span></li> </ul> <ul> <li><span><span>Ability to communicate effectively with both technical and non-technical stakeholders, ensuring clarity in explaining complex technical concepts.</span></span><span> </span></li> </ul> <ul> <li><span><span>Strong collaboration skills, working seamlessly with cross-functional teams such as IT, security, and compliance.</span></span><span> </span></li> </ul> <ul> <li><span><span>You<span> </span></span><span>demonstrate</span><span><span> </span>interest and skills in developing task<span> </span></span><span>automation;</span></span><span> </span></li> </ul> <ul> <li><span><span>Good communicator, you have interpersonal<span> </span></span><span>skills</span><span><span> </span>and you adapt easily to various<span> </span></span><span>people;</span></span><span> </span></li> </ul> <ul> <li><span><span>You have a sense of ethics, and know how to exercise<span> </span></span><span>discretion;</span></span><span> </span></li> </ul> <ul> <li><span><span>You are fluent in English and willing to work in an international context</span></span><span><span>.</span></span><span> </span></li> </ul> <ul> <li><span><span>Comfortable working in a multicultural, distributed team.</span></span><span> </span></li> </ul> <ul> <li><span><span>You have an excellent methodological approach to managing incident<span> </span></span><span>responses;</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>Skills</span></span><span> </span></p> <ul> <li><span><span>Y</span><span>o</span><span>u have technical background<span> </span></span><span>demonstrating</span><span><span> </span>the ability to perform the assigned<span> </span></span><span>tasks;</span></span><span> </span></li> </ul> <ul> <li><span><span>You are autonomous, technically versatile and<span> </span></span><span>have the ability to</span><span><span> </span>tackle new and stimulating technical<span> </span></span><span>subjects;</span></span><span> </span></li> </ul> <ul> <li><span><span>You master monitoring and intrusion detection tools, as well as incident management<span> </span></span><span>systems;</span></span><span> </span></li> </ul> <ul> <li><span><span>You are competent in static malware<span> </span></span><span>analysis;</span></span><span> </span></li> </ul> <ul> <li><span><span>You have one or more certifications related to incident response (SANS, OSCP, etc.) and<span> </span></span><span>possibly cyber</span><span><span> </span>threat intelligence are desirable.</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>Why Join Us?</span></span><span> </span></p> <p><strong><span><span>Motivational Environment</span></span></strong><span><span> </span><br></span><span><span>Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.</span></span><span> </span></p> <p><strong><span><span>Challenging Topics</span></span></strong><span><span> </span><br></span><span><span>Contribute to multiple high-impact projects that tackle real-world cybersecurity challenges. Your<span> </span></span><span>expertise</span><span><span> </span>will make a difference.</span></span><span> </span></p> <p><strong><span><span>Empowered Voices</span></span></strong><span><span> </span><br></span><span><span>Your ideas matter.<span> </span></span><span>As a valued team member, your input</span><span><span> </span>will be heard, respected, and considered in decision-making processes.</span></span><span> </span></p> <p><strong><span><span>Technical Growth</span></span></strong><span><span> </span><br></span><span><span>Advance your skills through tailored training programs and hands-on experience. We invest in your development to help you reach your full potential.</span></span><span> </span></p> <p><span> </span></p>