ID: 119829
Location: Montreal Qc, CA

SOC L3 Analyst

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group also acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 130,000 people worldwide, including 2,900 in Marseilles where its head office is located.

CONTEXT & ROLE:
The CMA CGM Group’s incredible growth is dramatically transforming our core business, reinforcing our leading position as an innovative, bold, and customer-oriented company, and enhancing more than ever the security of its global operations.
 

With more than 250 team members, the Group Cybersecurity Department covers all subsidiaries and entities of CMA CGM, with a global roadmap composed of 6 major domain streams (Maritime, Logistics, Ships, Terminals, Warehouses, and Subsidiaries). The Department currently monitors around 80 projects and, through its 24/7 Operations, provides continuous reliability.
 

In two and a half years, our Cybersecurity team has carried out major strategic changes and implemented top-level solutions to further secure our business activities worldwide: Risk Management tools, IAM, Office 365 security, Networks, Endpoints and Cloud protection, Application Security Enhancement, and Cyber Defense Center (SOC and CERT) construction.
 

We now look to reinforce our teams with new skills to reach the next level of Cybersecurity and continue building a globally structured team based in Marseilles, Beirut, Manila, Montreal, Miami, and more…
 

As a key focus for the Group, our Top Management fully sponsors this Global Cybersecurity Program, through strategic investments in the best market technologies and an ambitious recruitment campaign in 2022, providing assets, skills, and top-level resilience to face the world’s global challenges ahead.

 

We are therefore looking for a Security Operations Center (SOC) Level 3 (L3) Analyst to join our Cyber Defense Center. He/She will be in charge of protecting the CMA CGM group by performing advanced triage, incident response and digital forensics. He/She will have the opportunity to work with a highly dynamic and motivated team and a high level of security solutions.
The SOC L3 Analyst will report to the SOC Manager.


 

RESPONSIBILITIES:
As a SOC Level 3 Analyst within the Cyber Defense Center, you will:
• Protect the CMA CGM group:
o Participate in a 24x7 Security Operations Center (SOC) environment operating in a follow-the-sun model
o Serve as the Tier 3 level for complex cases that may require digital forensics, advanced analysis skills and thorough incident reports.
o Act as technical lead to support and guide SOC L2 analysts during cyber investigations
o Proactively identify indicators of compromise, and generate and execute the Incident Response Plan upon detection.
o Conduct threat hunting sessions
o Perform advanced analysis of security alerts and incidents identified by different advanced security platforms;
o Effectively troubleshoot and investigate security events, communicate findings, and escalate concerns to staff as directed;
o Process and manage requests for various security services, such as responding to security inquiries from affiliates/stakeholders and reviewing malicious/suspicious files;
o Provide Incident Response (IR) support when analysis confirms an actionable incident;
• Contribute to the continuous improvement of the SOC posture:
o Advanced tuning of SOC use cases;
o Conduct security simulation sessions with CTI analysts;
o Design, maintain and continuously improve SOC playbooks, SOC standard operating procedures (SOPs), processes and guidelines;
• Learn, grow and develop within the Blue Team:
o Conduct incident response simulations
o Collaborate and work closely with the SOC RUN Lead on the continuous improvement of the service;
o Support the Lead and Manager in various tasks and projects
• Participate in small projects:
o Build detection rules and intelligence and propagate them to all monitored networks;
o Develop SOC use cases;
o Test security solutions;
o Implement SOC platform tools/solutions;
These activities are non-exhaustive and may evolve according to operational needs.


 

PROFILE AND QUALIFICATIONS:
Your profile corresponds to the following criteria:
• Bachelor's degree in Computer Science, Computer Engineering, IT Security, or a related field; alternatively, equivalent demonstrated knowledge.
• Highly technical with at least 5 years of relevant experience as an analyst in IT Security or SOC.
• Experience with Security Operations Centers, network event analysis and/or threat analysis.
• Knowledge of various security methodologies and technical security solutions.
• Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateway.
• Experience in Digital Forensics (disk and memory analysis)
• Experience in malware analysis and reverse engineering.
• Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
• Knowledge of the common attack vectors on various layers.
• Knowledge of and experience working with the Cyber Kill Chain model and the MITRE ATT&CK matrix.
• Experience in the transport/shipping/logistics sector is a plus.


You also possess the following qualities:
• Highly motivated and willing to learn;
• Autonomy and proactive behavior;
• Good understanding of device security logs;
• Analysis and synthesis capacity;
• Strong ability to work and interact with management, business customers, functional & technical oriented teams;
• Discretion with regard to sensitive matters.

Come along on CMA CGM’s adventure!