Senior SOC Analyst - Cybersecurity Incident Response & Continuous Improvement

Purpose

As a Senior SOC Analyst, you will play a key role in detecting, analyzing, and responding to cybersecurity incidents across IDEMIA’s global environments (Office, R&D, Production, Cloud). You will also dedicate some time to improving detection, response, and automation capabilities, helping evolve our SOC into a proactive, automation-driven defense center.

Key Missions

Incident Detection & Response
•    Monitor and triage security alerts from multiple sources including Cortex XSIAM, SIEM, EDR, and SOAR platforms, ensuring accurate prioritization and response.
•    Lead complex incident investigations, including advanced persistent threats (APT), lateral movement, privilege escalation, and data exfiltration scenarios.
•    Perform in-depth forensic analysis on endpoints, logs, and network traffic to identify root causes and attack vectors.
•    Correlate multi-source telemetry (e.g., endpoint, cloud, identity, email) to reconstruct attack timelines and identify impacted assets.
•    Coordinate incident response activities with internal stakeholders, including IT, business units, and legal/compliance teams.
•    Drive and oversee external MSSPs (SOC, CTI, web monitoring, and third-party forensic providers) to ensure timely, high-quality support during investigations and threat monitoring.
•    Ensure alignment and escalation processes between internal teams and MSSPs are well-defined, efficient, and continuously improved.
•    Document and communicate incident findings, including impact assessments, containment actions, and lessons learned.
•    Contribute to post-incident reviews and ensure implementation of corrective actions and detection improvements.

Continuous Improvement and projects
•    Lead technical initiatives to enhance SOC capabilities, including development of advanced detection rules, enrichment pipelines, and automated response playbooks.
•    Develop and refine detection logic using behavioral analytics, threat intelligence, and MITRE ATT&CK mapping.
•    Drive end-to-end projects to optimize incident response workflows using Cortex XSIAM ensuring measurable improvements in response time and accuracy.
•    Design and implement integrations between SOC tools (e.g., SIEM, EDR, CTI platforms, SIRP) to improve alert workflow and reduce latency.
•    Conduct regular gap analyses on detection coverage and propose technical solutions to address blind spots across cloud, endpoint, and network layers.
•    Develop and execute threat hunting campaigns based on MITRE ATT&CK and real-world threat intelligence, with documented hypotheses, findings, and remediation actions.
•    Lead proof-of-concept (PoC) evaluations for new security technologies and orchestrators, including performance benchmarking and operational impact assessments.
•    Automate repetitive SOC tasks using scripting (e.g., Python, PowerShell) and SOAR workflows to improve analyst efficiency and reduce MTTR.
•    Work closely with business teams, IT, and project managers to align SOC improvements with operational needs, project timelines, and risk management priorities.
•    Maintain technical documentation and change logs for all improvement initiatives, ensuring traceability and knowledge transfer across the team.

Profile & Other Information

Required Skills & Experience
•    3–7 years of experience in SOC operations or incident response.
•    Proven experience with Cortex XSIAM, or strong hands-on with Cortex XDR/XSOAR, or equivalent EDR/SIEM/SOAR platforms.
•    Strong knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, NIST).
•    Experience in handling high-impact or rare incidents.
•    Proficiency in log analysis, threat hunting, and root cause analysis.
•    Familiarity with scripting (Python, PowerShell) and automation.

Qualifications
•    Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
•    Relevant certifications (e.g., CEH, GCIA, GCIH, CySA+, CISSP, PCSAE) are a plus.

Scope & Conditions
•    Geographical Scope: Global
•    Work Schedule: 24/7 team with follow-the-sun model; on-call duty required during weekends.
•    Language: Fluent in English, Native in French