Mission freelance SOC expert (h/f)

emagine is looking for a “SOC expert ” fluent in English for one of its clients:





Start date: ASAP

Duration: 1 year +

Location: 75017

Remote: 3 days per week
 

Main tasks:

Detection Use Case Development: Design and implement detection use cases and playbooks tailored to identify both known and emerging threats within the organization’s environment.

Create custom update polices leveraging KQL and regex


Rule Creation & Optimization: Develop and fine-tune rules, signatures, and logic in SIEM, EDR, and NDR platforms to detect suspicious activities effectively while minimizing false positives. Maintain and define the detection engineering DevOps processes and toolset.


Threat Monitoring: Collaborate with SOC analysts to ensure that detection mechanisms are performing as intended and adjust them based on feedback and real-world events.


Automation & Integration: Work with the automation team to integrate detection capabilities into SOAR platforms, streamlining response processes and enhancing efficiency. Develop automated attack scenarios to continuously test use cases under development. Develop automation strategies to improve detection and investigation capabilities.


Collaboration with Threat Intelligence Teams: Utilize threat intelligence feeds and indicators to enhance detection mechanisms, ensuring that detection logic is informed by the latest threat actor TTPs (Tactics, Techniques, and Procedures).


Collaboration with Incident Response & Threat Hunting Teams: Partner with incident response and threat hunting teams to validate detection efficacy and refine strategies based on incident learnings.


Documentation & Expertise Sharing: Document detection strategies, rules, and processes, and share expertise with SOC teams to improve overall operational readiness.


Continuous Improvement: Stay updated on the latest developments in cybersecurity and detection technologies, continuously improving and refining detection methodologies.


Metrics & Reporting: Assist in tracking and reporting on the effectiveness of detection strategies, providing insights to improve SOC operations.



Skills:

2 years Expertise in Information Security


2 years expertise in a similar mission


Expertise in detection engineering approach in depth


Expertise of regular expressions and their application in data manipulation and analysis


Expertise with Azure Sentinel SIEM platform


Preferred SIEM vendor certification of administrator level


Expertise using KQL at a senior developer level


Expertise of applying the MITRE ATT&CK Framework to security Use Cases


Expertise with different security attack vectors and means of protection


Expertise working with security platforms such as SIEM, SOAR, etc


Any relevant security certifications are a plus


English environment- mandatory



If you are interested in this position, please send your application (CV + TJ) to the following address:

-email masqué-

06 72 02 01 72