Présentation société Voir les autres offres

Consort NT - Security Monitoring & Incident Response Expert

Mission context

  • The Group's Global Security department supports IT and Business Units to develop adequate solutions in Information Security and Risk Management practices.
  • The mission of GS is:
    • to enable sound and formal information security risk decision making by Our Client management
    • to help management with implementing a proper information security management system. Information Security Strategy of GS commits to deliver upon four objectives:
      • enable the extended enterprise;
      • Counter cybercrime;
      • Protect our information systems;
      • Manage security risks.
  • Consequently, the vision of the “GS Cyber Defence' team is to support Counter cybercrime objective by demonstrably 'best in class' preparation and response to unauthorized cyber activity. This is done by providing the following services:
    • Proactive - support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks.
    • Reactive -   triggered by a request / incident / event identified by an intrusion detection system or reported by human.
  • To support those services, The Group is looking for a Security Monitoring & Incident Response expert to focus on Alert/Incident Detection, Qualification and Response activities.


You will carry the following responsibilities

  • Tier 1 - Security Monitoring:
    • Alert Monitoring to detect potentially-malicious or anomalous activity based on event data (log files and data outputs) from a wide range of IT systems and network components (see Miscellaneous).
    • Alert, performance and threshold tuning and analysis across the tool sets, based on traffic patterns and other data.
    • Develop & maintain monitoring and reporting dashboards.
    • Produce and review periodic metrics with regards to security monitoring.
  • Tier 2 - Alert Qualification:
    • Investigate security alerts leveraging a wide range of IT systems and network components (see Miscellaneous), as well as threat intelligence to qualify potential incidents.
    • Escalate confirmed incident to the incident responder on duty.
    • Develop & maintain automation scripts and tools.
    • Feedback to Security Monitoring / Engineering to improve detection and protection controls.
  • Tier 3 - Incident Response:
    • During your duty of incident responder (on call 24/7, one week out of six) you will respond to escalated security alerts / incidents.
    • Perform and/or facilitate digital forensics on workstations, servers, network components, Mobile devices and applications.
    • Develop and maintain incident response plan and procedures.
    • Test the Incident Response capability through regular exercises.
    • Proactively look for potential incidents through threat hunting activities.
  • Miscellaneous:
    • Stay up-to-date with trends in the information security community including new vulnerabilities, methodologies and products.
    • Leverage a wide range of IT systems and network components: IDS/IPS, Firewalls, Web Access Security, SIEM, EDR and DLP systems, Honeypots and other sources.


Technical experience

  • Mandatory:
    • Good understanding of IT security technology and processes (secure networking, Web infrastructure, Wintel, Unix, Linux, etc.);
    • Knowledge of different key protocols and services throughout the seven layers of the OSI model (IP, ICMP, TCP, UDP, Telnet, SSH, SMTP, POP3, HTTP(S), FTP, DNS, ...).
    • Familiarity with common cyber threat modus operandi, tools and techniques (TTP: tools, techniques and procedures)
    • Familiarity with deterministic detection schemes and use of observables (IoC: indicators of compromise)
    • Knowledge of ITIL based operational processes.
  • Preferable:
    • Past experience in an incident response context.
    • Knowledge of various IDS/IPS, NetFlow, and protocol collection and analysis tools such as Snort, Suricata, Bro, Argus, Silk, TCPdump, and WireShark.
    • Knowledge of log aggregation, SIEM solutions and search and analytics engines such as QRadar, Splunk, ArcSight, ELK, ...
    • Experience with programming and scripting languages: most notably Perl, Ruby, and Python.
    • Experience with text manipulation tools, such as SED, AWK and grep.
    • Experience with penetration testing tools such as Metasploit, Core Impact, or Kali Linux.
    • Web Application Security Development. (OWASP);
    • Knowledge of popular cryptography algorithms and protocols: AES, RSA, MD5, SHA, Kerberos, SSL/TLS, Diffie Hellman.
    • Knowledge of some NIDS/NIPS or HIDS/HIPS tools.
    • Knowledge of media forensics and analysis tools.
    • Knowledge of automation of data interfacing and machine to machine communication.
    • Experience in banking environment.
    • Prior experience of working in Agile operating model

Description société

Consort NT is an integrator and Operator of both infrastructures and solutions. Structurally Agile, adaptable and innovative, we harvests the value of human capital and collective Business Intelligence.

Our vision, our strategy and our expertise are organized under four divisions :

1. End-User IT: Promoting the availability and use of all desktop tools, facilitating mobility
2. IT Capacities: Ensuring continuous power and data storage, in line with the business needs.
3. Collective Intelligence: Enhancing data, Empowering the value of Data Sharing
4. Solutions: Developing and Enhancing the use and sharing of information within companies

These 4 divisions have a common goal: Supporting our customers in their digital transformation, empowering users and IT processes and facilitating automation through adapted tools.

- 25 years of existence
- Over 2000 employees
- 140 M€ turnover
- 43% as Projects & Out-sourcing / 57% as Technical Assistance & Expertise
- 39% as Application Solutions / 61% as Infrastructures Services
- 8 services centers 24/24, 7/7 base (ISO 270001, 9001, 14001, 20000-1)
- Sales offices in France, Belgium, Luxembourg, Germany, Canada & Morocco

Lire la suite
Offres d'emploi similaires
Offres similaires basées sur les critères : Security Engineer Incident & Problem Manager Unix Linux TCP/IP Network Security Firewall DNS