SOC Analyst N2/N3 (M/F)

Let's build a future of trust together

Thales is a global high-tech leader specializing in three sectors: Defense & Security, Aeronautics & Space, and Cyber & Digital. It develops products and solutions that contribute to a safer, more environmentally friendly, and more inclusive world. The Group invests nearly 4 billion euros per year in Research & Development, particularly in key innovation areas such as AI, cybersecurity, quantum, cloud technologies, and 6G. Thales has nearly 81,000 employees in 68 countries.

Our commitments, your benefits

• Success driven by our technological excellence, your experience, and our shared ambition
• An attractive compensation package
• Continuous skill development: training courses, internal academies, and internal communities
• An inclusive, benevolent environment that respects employee balance
• Recognized societal and environmental commitment

Your daily life

By joining the Toulouse site, you will integrate a site bringing together our sovereign cyber defense solutions to face growing cyber threats and our digital services activities enabling us to operate our clients' critical information systems and support them in their secure digital transformation.

In the SOC team, we ensure surveillance (24/7 security monitoring), prevention (monitoring in relation with a CERT), and management of our clients' security systems (Logs Management, Detection & Response to security incidents, Forensic Analysis, Security Expertise, Vulnerability Audits, Identity and Access Management, Security Reporting).

You will join the “Log Management & Security Analysis” team of Thales's SOC and participate notably in the management of analysis operations, log management, response to security incidents for our clients, investigations, and continuous improvement as an N2/N3 SOC analyst.

You will work in conjunction with Thales's international MSSP SOCs (UK, Australia, Netherlands, Hong Kong) and the various cybersecurity entities of the group (consulting, Cyber product development) and on different client detection perimeters in several sectors of activity: aeronautics, space, transport, energy, telecom, banking, biomedical.

Your main missions consist of:

• Being the escalation point for analysis, diagnostics, and recommendations of security incidents using the security management tools at your disposal (XSOAR, SIEM solutions, log management, CTI, cloud SIEM, probe/scanner, EDR, antivirus, authentication and security supervision tools)
• Ensuring the effective execution of the incident resolution process, from detection to incident resolution
• Monitoring and coordinating investigation and remediation action plans
• Providing operational support for security crisis management in case of major security incidents
• Evaluating the impact of security incidents
• Informing our clients' security teams of emerging threats and recommending tactical measures to counter them
• Monitoring the activity carried out on your perimeters on our Palo Alto XSOAR Orchestrator
• Processing service requests or change requests on your perimeters
• Participating/coordinating the technical realization of reports for your clients, animating weekly or monthly operational and technical meetings for your perimeters
• Participating/coordinating security watch activities on your perimeters
• Participating in continuous improvement, automation, and industrialization of our methods and tools

Your profile

Coming from an engineering school or equivalent, you have initial professional experience of at least 2 years in cybersecurity on one of these themes: detection and analysis of security incidents, pentesting, vulnerability analysis, CERT, CLOUD security, Forensic.

Technical skills:

• You master the operation of SIEM solution(s) (e.g., QRadar, Splunk, Sentinel),
• You understand the issues of parsing and log analysis
• You develop detection and correlation rules and set up security indicators and reporting
• You are proactive in continuous improvement on our tools
• You master scripting (e.g., Perl, Bash, Python, Java, Ruby)
• You master operating systems: GNU/Linux and Windows distributions
• You master network and security protocols for service operation
• You master the main IT security equipment (e.g., FW, Proxy, AV, EDR, Probes, Vulnerability Scan)
• You have good knowledge of log management technologies such as: Elastic, Logstash, Kibana
• You are capable of performing vulnerability assessments
• You have good knowledge of information security systems
• You master the operation and design of security supervision

A good command of written and spoken English is necessary to work in an international context.

Beyond technical skills, you are curious to learn and understand, passionate about cybersecurity and its challenges, autonomous but with a team spirit. Your good interpersonal skills and sense of communication allow you to build a relationship of trust with your colleagues and clients.

Thales, a Handi-Engaged company, recognizes all talents. Diversity is our best asset. Apply and join us!

The position may require access to information relating to national defense secrecy, the selected person will be subject to an authorization procedure, in accordance with the provisions of articles R.2311-1 et seq. of the Defense Code and IGI 1300 SGDSN/PSE of August 9, 2021.