ID: 542889
Location: Montreal Qc, CA

Azure Sentinel Engineer

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.

CMA CGM Canada is looking for an Azure Sentinel Engineer to join our Cyber Defense Center (CDC). They will be responsible for improving and maintaining the CDC Azure platform as well as supporting the SOC during its investigations. Security threats have increased drastically in the last few years and organizations are facing an increasingly complex threat landscape. You will have the opportunity to work with a highly dynamic and motivated team and a high level of security solutions.

RESPONSIBILITIES

As an Azure Sentinel Engineer within the Cyber Defense Center, you will:

  • Protect the CMA-CGM group:
    • Configure and fine-tune detection analytics rules to maintain a strong level of detection and visibility.
    • Configure data connectors to onboard new log sources.
    • Configure and leverage Azure Logic Apps to create automated response or enrichment rules.
    • Support the creation of Threat Hunting rules and create notebooks to leverage their results.
    • Onboard and manage threat intel feeds into Sentinel.
    • Leverage ARM templates to deploy configuration in other tenants.
    • Build Azure Lighthouse configuration scripts to onboard customer tenants.
    • Leverage the Azure stack to improve CMA CGM security resilience.
    • Process and manage requests for various security services, such as responding to security inquiries from affiliates/stakeholders.
    • Provide Incident Response (IR) support when analysis confirms an actionable incident.
    • Serve as support at the Tier 3 analyst level during complex cases that may require digital forensics, advanced analysis skills and a thorough incident report.
    • Act as technical support and guide SOC analysts if needed during their investigations.

  • Contribute to continuous improvement of SOC posture:
    • Create advanced detection rules for Business & SOC Use Cases.
    • Conduct audit of the platform configuration to optimize it.
    • Design, maintain and continuously improve the SOC playbooks, SOC standard operating procedures (SOP), processes and guidelines.
    • Optimize the way logs are processed and leveraged by SOC team members.
    • Optimize Azure Sentinel cost where possible.

  • Learn, grow and develop on the Blue team:
    • Conduct Incident Response simulations.
    • Collaborate and work closely with the SOC RUN Lead towards the continuous improvement of the service.
    • Support the Lead and Manager in various tasks and projects.

  • Participate in small projects:
    • Build rules and intelligence to detect threats and propagate them to all monitored networks.
    • Develop dashboards for Business and SOC Use Cases.
    • Test security solutions.
    • Implement SOC platform tools and solutions.

These activities are non-exhaustive and can evolve according to operational needs.

QUALIFICATIONS & PROFILE

**ALL CANDIDATES MUST BE LEGALLY AUTHORIZED TO WORK IN CANADA**

Education:

  • Bachelor's degree in Computer Science, Computer Engineering, IT Security, or a related field; alternatively, equivalent demonstrated knowledge.

Experience & Knowledge:

  • Highly technical with at least 5 years of relevant experience as an analyst in IT Security or SOC.
  • Experience with Security Operations Center, SIEM management & solutions ownership.
  • Knowledge of various security methodologies and technical security solutions.
  • Strong understanding of JSON, KQL, and PowerShell languages.
  • Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateway.
  • Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
  • Knowledge of the common attack vectors on various layers.
  • Knowledge and experience working with the Cyber Kill Chain model and the MITRE ATT&CK matrix.
  • Experience in the transport/shipping/logistics industry is a plus.

Other:

  • Highly motivated and willing to learn;
  • Autonomy and proactive behavior;
  • Strong understanding of device security logs;
  • Analysis and synthesis capacity;
  • Strong ability to work and interact with management, business customers, functional & technical oriented teams;
  • Discretion with regard to sensitive matters

We are an equal opportunity employer!

Come along on CMA CGM’s adventure!