Description
Company statement
With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting up a Group Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on industry standards.
Business unit statement
To support our business strategy and digital transformation, AXA is enlarging its Cyber Defense team to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Cyber Security is to 'protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees'.
Job purpose
Digital Forensics and Incident Response (DFIR) activities including assessment, analysis, categorization, classification, and investigation of cybersecurity incidents.
Manage cybersecurity incidents to ensure timely containment and risk mitigation engaging with operational teams and leadership as required and according to Security Incident Management Processes.
Handle potential high severity incidents autonomously during non-working hours (on rotational on-call basis).
Collect, document and analyze evidence as part of the digital forensics capability of CyberDefense and AXA CERT.
Follow up on security incident resolution and track updates in the ticketing tool.
Notify and communicate to relevant stakeholders including Group and entity CISO/CSO.
Support SOC Security Analysts and an international network of local security incident handlers from AXA entities.
Perform lessons learned activities, e.g. security incident reviews, post mortem documentation.
Contribute to the improvement of the DFIR capability including development and integration of open source and commercial tools in a dedicated forensic lab.
Contribute to threat hunting activity proactively and in the context of high severity incidents.
Participate in use case development and SIEM rules threshold tuning.
Act as a mentor to more junior Security Incident Response Specialists, support and supervise them, ensure knowledge transfer within the team.
Professional communications and reporting to SOC stakeholders and customers.
Participate in exchanges with national and international CERT/CSIRT communities.
Key responsibilities - accountabilities
Security Incident Response Expert according to Security Incident Management Processes.
Security Incident Reports and Lessons Learned.
Communication to stakeholders.
Security Incident Response documentation.
Collect and document data from a variety of sources to assist incident response actions.
Coordination with other teams for effective incident response.
Mentor and guide the more junior Incident, Forensics & Threat Intelligence Manager.
Coordinate complex security incident responses that require deeper background knowledge.
Provide leadership, guidance and deep technical expertise to deliver professional services to customers.
Continually maintain and improve technical capabilities through individual development activities.
Required soft skills & behavioral competencies
Leadership: Creates an environment for developing and fostering leadership excellence. Effectively communicates the group vision and goals and the benefits in achieving the strategy. Recognizes potential leaders and provides them with challenging assignments/stretch goals. Takes calculated risks in decision-making and seeks inputs from the team/stakeholders for the same. Creates mechanisms to recognize individual/group contributions & achievements. Can effectively mentor others to acquire this competency.
Strategic Thinking: Articulates a vision, develops organizational goals and strategies. Maintains a wider perspective, aligns actions and contributes to the enhancement of overall organizational strategy including outputs from benchmarking activities and reviews. Understands and articulates the projected direction of the organization and how changes to it might impact the group. Is aware of the trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization.
Problem Solving: Recommends solutions relevant to the complexity, scope, risk and magnitude of problems.
Planning: Plans up to 2-5 years ahead (particularly when preparing budgets and resource requirements), in accordance with the project/program portfolio to ensure its successful delivery. Provides input into planning and prioritization of project activities. Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information. Forward planning required e.g. target setting and forecasting trends. Ability to manage action plans, review progress and make adjustments where required.
Decision Making: Advises on decisions regarding strategy, policy, and structures. Quick to assimilate and integrate new information for informed decision making. Monitors changes in the operating environment, quick to act upon potential opportunities. Able to quickly evaluate a situation or issue and take the initiative within limits of authority.
Coaching and Mentoring: Coaching: The process of assisting individuals to set goals, then supporting the execution of those goals by establishing strategy and providing feedback, insight and guidance to enable the individual to reach their fullest potential. Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in training and development or in a general support role.
Interpersonal Skills: Assertiveness, empathy, active listening. Oral communication, persuasive skill.
Qualifications
Education
Bachelor's degree in Computer Science or Information Security would be desirable but is not essential.
Certification
GIAC GCIH (SANS SEC504), GIAC GCFA (SANS FOR508).
Strongly preferred: GIAC GDAT (SANS SEC599), GIAC GNFA (SANS FOR572), GIAC GCFE (SANS FOR408), GIAC GCIA (SANS SEC503), GIAC GREM (SANS FOR610).
Preferred: Security infrastructure certification.
Preferred: ITIL foundation.
Preferred: Offensive security certification (OSCP, SEC560, CEH).
Overall work experience in the field:
Demonstrated experience in performing information security incident analysis and response > 4 years.
Demonstrated experience in SOC/CSIRT > 3 years.
Demonstrated experience in network/security infrastructure administration > 2 years.
Demonstrated experience in Linux/Windows administration > 1 year.
Demonstrated experience in large and complex organization(s) > 3 years.
Demonstrated experience in usage of ticketing tools.
Demonstrated on-the-job experience with any of the standard commercial SIEM tools.
Technical Skills / abilities
Ability to identify risks, threats, vulnerabilities and associated attacks that might involve: malicious code, protocol/design/configuration flaws.
Strong troubleshooting and analytical skills.
Understanding of the Internet and detailed knowledge of network protocols (Ethernet, 802.11.X, IP, ICMP, TCP, UDP...).
Knowledge of application/services related protocols (DNS, SMTP, HTTP, FTP...).
Knowledge of network infrastructure elements and architecture (Firewall, Proxy, IPS, WAF...).
Knowledge of current security vulnerabilities and related attack methodologies.
Detailed knowledge of packet capture analysis and usage of associated tools.
Detailed knowledge of log management (Syslog, CEF, debug levels, parsing...).
Knowledge of encryption algorithms, digital signature mechanisms and PKI.
Knowledge of scripting, character manipulation and regular expressions.
Personal Skills / abilities
Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively.
Good interpersonal and communication skills, works effectively as a team player.
Common sense to make efficient and acceptable decisions.
Willingness to continue education and to stay up to date, passionate about IT and information security.
Ability to work under pressure.
Ability to look up information and to solve unknown problems.
Diplomacy when dealing with other parties.
Ability to function effectively in a matrix structure.
Cross-cultural sensitivity, flexibility.
Fluent in English.
About AXA
As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we've created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we're nurturing a culture of respect, for each other, for our customers and the communities around us. Join AXA and you'll feel like you belong, are included and can thrive. You'll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.
AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation. We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.
We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.
At AXA Group Operations, we want to be recognized in three fields of action:
- State-of-the-art Data Technology to drive customer experience
- State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
- High-Performing Global Team for stronger partnerships with AXA entities