Senior Cybersecurity SOC Analyst

Purpose

Key Missions

As a Senior SOC Analyst, you will play a key role in detecting, analyzing, and responding to cybersecurity incidents across IDEMIA’s global environments (Office, R&D, Production, Cloud). You will also dedicate some time to improving detection, response, and automation capabilities, helping evolve our SOC into a proactive, automation-driven defense center.

Key Responsibilities -:

Incident Detection & Response -

• Monitor and triage security alerts from multiple sources including Cortex XSIAM, SIEM, EDR, and SOAR platforms, ensuring accurate prioritization and response.

• Lead complex incident investigations, including advanced persistent threats (APT), lateral movement, privilege escalation, and data exfiltration scenarios.

• Perform in-depth forensic analysis on endpoints, logs, and network traffic to identify root causes and attack vectors.

• Correlate multi-source telemetry (e.g., endpoint, cloud, identity, email) to reconstruct attack timelines and identify impacted assets.

• Coordinate incident response activities with internal stakeholders, including IT, business units, and legal/compliance teams.

• Drive and oversee external MSSPs (SOC, CTI, web monitoring, and third-party forensic providers) to ensure timely, high-quality support during

Investigations and threat monitoring-

• Ensure alignment and escalation processes between internal teams and MSSPs are well-defined, efficient, and continuously improved.

• Document and communicate incident findings, including impact assessments, containment actions, and lessons learned.

• Contribute to post-incident reviews and ensure implementation of corrective actions and detection improvements.

Continuous Improvement and projects -

• Lead technical initiatives to enhance SOC capabilities, including development of advanced detection rules, enrichment pipelines, and automated response playbooks.

• Develop and refine detection logic using behavioral analytics, threat intelligence, and MITRE ATT&CK mapping.

• Drive end-to-end projects to optimize incident response workflows using Cortex XSIAM ensuring measurable improvements in response time and accuracy.

• Design and implement integrations between SOC tools (e.g., SIEM, EDR, CTI platforms, SIRP) to improve alert workflow and reduce latency.

• Conduct regular gap analyses on detection coverage and propose technical solutions to address blind spots across cloud, endpoint, and network layers.

• Automate repetitive SOC tasks using scripting (e.g., Python, PowerShell) and SOAR workflows to improve analyst efficiency and reduce MTTR.

Required Skills & Experience -

• 4 to 8 years of experience in SOC operations or incident response.

• Proven experience with Cortex XSIAM, or strong hands-on with Cortex XDR/XSOAR, or equivalent EDR/SIEM/SOAR platforms.

• Strong knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, NIST).

• Experience in handling high-impact or rare incidents.

• Proficiency in log analysis, threat hunting, and root cause analysis.

• Familiarity with scripting (Python, PowerShell) and automation.

Qualifications -

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

• Relevant certifications (e.g., CEH, GCIA, GCIH, CySA+, CISSP, PCSAE) are a plus.

Scope & Conditions -

• Geographical Scope: Global

• Work Schedule: 24/7 team with follow-the-sun model; on-call duty required during weekends.

• Language: Fluent in English, 95% of daily activities will be in English.

Profile & Other Information