Share this Job
Apply now »
ID:  119420

Marseille, FR

SOC L3 Analyst

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 150,000 people worldwide, including 2,900 in Marseilles where its head office is located.


We are looking for a Security Operations Center (SOC) Level 3 (L3) Analyst to join our Cyber Defense Center. He/She will be in charge to protect CMA-CGM group by performing advanced triage, incident response and digital forensics. Security threats have increased drastically in the last few years and organizations are facing an increasingly complex threat landscape. He/She will have the opportunity to work with a highly dynamic and motivated team and a high level of security solutions.
The SOC L3 Analyst will report to the SOC Manager.


As a SOC Level 3 Analyst within the Cyber Defense Center, you will:
• Protect the CMA-CGM group:
     Participate in a 24x7 Security Operation Center (SOC) environment following the sun
     Serve as Tier 3 level for complex cases that may require digital forensics, advance analysis skills and thorough Incident Report.
     Act a technical lead to support and guide SOC L2 analysts in the context of cyber investigations
     Proactively identify indicators of compromise and generate and execute Incident Response Plan upon detection.
     Conduct Threat Hunting sessions
     Advanced analysis of security alerts and incidents identified from different and advanced security platforms;
     Effectively troubleshoot and investigate security events, communicate findings, and escalate concerns to staff as directed;
     Process and manage requests for various security services such as responding to security inquiries from affiliates/ stakeholders, reviewing malicious/suspicious files;
     Provide Incident Response (IR) support when analysis confirms an actionable incident;
• Contribute to continuous improvement of SOC posture:
     Advanced tuning of SOC Use Cases;
     Conduct Security simulation sessions with CTI analysts;
     Design, maintain and continuous improve SOC playbooks, SOC standard operating procedures (SOP), processes and guidelines;
• Learn, grow and develop on the Blue team
     Conduct Incident Response simulation
     Collaborate and works closely SOC RUN Lead towards the continuous improvement of the service;
     Support Lead, Manager in various tasks and projects
• Participate to small projects:
     Build rules and intelligence to detect threats and proliferate to all monitored networks;
     Develop SOC Use Cases;
     Testing security solutions;
     Implementation of SOC platform tools / solution;
These activities are non-exhaustive and can evolve according to operational needs.


You profile corresponds to the following criteria:
• Bachelor's degree in Computer Science, Computer Engineering, IT Security, or a related field; alternatively, equivalent demonstrated knowledge.
• Highly technical with at least 5 years of relevant experience as an analyst in IT Security or SOC.
• Experience with Security Operations Center, network event analysis and/or threat analysis
• Knowledge of various security methodologies and technical security solutions.
• Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateway.
• Experience in Digital Forensics (disk and memory analysis)
• Experience on Malware Analysis and reversing.
• Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
• Knowledge of the common attack vectors on various layers.
• Knowledge and experience working with the Cyber Kill Chain Model, MITER ATT&CK Matrix.
• Experience in the transport/shipping/logistics is a plus.

You also possess the following qualities:
• Highly motivated and willing to learn;
• Autonomy and proactive behavior;
• Great understanding of the device’s security logs;
• Analysis and synthesis capacity;
• Strong ability to work and interact with management, business customers, functional & technical oriented teams;
• Discretion with regard to sensitive matters

Come along on CMA CGM’s adventure !











Apply now »