SOC Engineer

We are looking for a SOC Engineer for a challenging project! The Syone's client is a French multinational financial services firm specialized in Asset & Wealth Management, Corporate & Investment Banking, Insurance and Payments. Based in Porto, the syone's client mission is to transform traditional banking by developing innovative solutions for the bank’s business, operations and work culture worldwide, as a key driver of the company’s culture of agility and innovation. Teams of IT and Banking Support Activities work in an integrated, inclusive and transversal way, supporting all the business lines and country platforms.

What you'll do:

• Integrated within the Security Operation Center (SOC) BPCE-IT, the Blue Team is the first line of defence, responsible for defending the enterprise's use of information systems by maintaining its security posture against attackers.
• Detection, categorization and investigation of infrastructure, applications and security incidents.
• Vulnerability management on critical vulnerabilities (handling, categorization and follow-up).
• Leading incident response plans.
• Follow-up of remediation plans.
• Implementation of detection scenarios and treatment of associated alerts.
• Responsible for monitoring and analyzing the organization’s networks and systems on a daily basis to detect, identify, investigate, and mitigate potential threats. 
• Able to identify anomalous behavior, recognize patterns of malicious activity, and take appropriate corrective action.
• Provide recommendations for improving security posture and assist with incident response plans, policies, and procedures. 
• Recommending tools or solutions, participating in audit activities, providing reporting on security events/incidents and collaborating with other teams across the organization.

Main Tasks and Responsabilities:

• Participation in improving correlation and log analysis rules.
• Conduct investigations and research including statistics.
• Interpret or perform first level (Sandbox or manual) minimum scans on malicious codes.
• Improve our Threat Intelligence activity.
• Handling incidents.
• Creating, and managing service requests via our ticketing tools (ServiceSnow / SecOps / TheHive).
• Qualify and analyze these elements to determine the cause of the incident, the mode of operation of the attack (vulnerabilities use, tactics, technics), the scope and the perimeter of compromise.
• Knowledge transferring in-house and writing documentation.

What you will need to bring:

• Operational on the security tools used in the BPCE IS and master the architectures in place.
• Knowledge in SIEM/SOAR.
• Knowledge of the operating principles of Information Monitoring and Security Event Solutions (SIEM).
• Good experience of Splunk and Regex search syntax.
• Good experience of TheHive.
• Good knowledge of network and system architectures.
• Knowledge of the operation of intrusion detection probes and event log correlation tools.
• Good knowledge of Mitre Attack framework and counter measures link to the technics and tactics.
• Good knowledge of Information monitoring and analysis tools and methods.
• Good knowledge of the security standards for different technologies (web servers, messaging, database, DNS, proxy, firewall, etc.).
• Good knowledge in Web application vulnerabilities, malware types (rootkit, ransomware, botnet, etc.), obfuscation and persistence technics (cryptography, packing, etc.), digital investigation/analysis tools, and SandBox behavioral.
• Good level of English – minimum B2 level.

• Good level of French - minimum B1 level.

What can Syone offer me:

• Integration in an organization with profound and sustained growth and involvement in pioneering projects with innovative technological solutions;
• Strong IT training plans;
• Professional evolution with intervention in ambitious technological projects, both national and internationally.