Permanent contract (CDI)

SOC / Cybersecurity Analyst Engineer

Starts in September 2025

Full-time

Phishia, a fast-growing consulting firm specializing in cybersecurity, artificial intelligence and sustainability, is looking for a SOC / Cybersecurity Analyst Engineer to contribute to its expansion and strategic positioning. Working directly with the founders, you will be involved in a variety of high-impact assignments, in an agile, stimulating and empowering environment.

To support its expansion, Phishia is looking for a dynamic and motivated SOC / Cybersecurity Analyst Engineer to support the growth of our cybersecurity and Managed SOC activities.

About Phishia

Phishia is a consulting firm founded by two engineers, specializing in major technological and strategic issues: cybersecurity, artificial intelligence and sustainability. We work with leading companies such as major players in the CAC 40 (Airbus, Bouygues, SNCF ...), with recognized expertise in cybersecurity, our core business. Our cybersecurity and AI divisions are experiencing sustained growth, driven by strong demand, key regulatory issues and a pragmatic approach.
Joining Phishia means joining a human-sized, ambitious and committed organization, positioned at the heart of the digital and ecological transitions.

Main tasks

  • Supervision & detection: real-time monitoring of security events via various SIEMs (Tetris, Google Sec Ops, Wazuh, Splunk); incident analysis, qualification and escalation.
  • Orchestration & correlation: exploit the Tetris platform (orchestration, multi-source correlation, automation) to enrich alerts, trigger playbooks and reduce mean time to detection.
  • Endpoint protection: deploy, configure and operate CrowdStrike Falcon, SentinelOne, Tetris and Microsoft Defender for Endpoint EDRs to contain malicious activity.
  • Network IDS/IPS: set up and manage Zeek, Suricata and Snort probes to detect intrusion attempts on critical flows.
  • Investigation & response: perform log analysis, forensic investigations and draft detailed incident reports; recommend immediate measures and monitor their implementation.
  • Scenario development: design and maintain correlation and detection rules based on the MITRE ATT&CK framework to improve coverage and reduce mean detection time.
  • Automation & reporting: create scripts (Python/Bash) and dashboards (Grafana, Power BI) to automate repetitive tasks, track KPIs (MTTD, MTTR) and present SOC activity.
  • Monitoring & continuous improvement: ensure proactive monitoring of vulnerabilities, adversary TTPs and regulatory requirements; update playbooks and participate in crisis management exercises.


Profile required

  • Graduate of an engineering school or Master's degree (Bac+5) in cybersecurity, systems/networks or equivalent
  • Confirmed experience or motivated junior in SOC or operational security
  • Good command of Linux/Windows systems and network protocols
  • Detection tools: SIEM, EDR, IDS/IPS, Wireshark, malware analysis tools
  • Ability to communicate effectively, both orally and in writing
  • Autonomy, rigor, analytical skills and technical curiosity
  • Good understanding of methodological frameworks: MITRE ATT&CK, NIST, EBIOS RM

What we offer

  • A strategic position within a fast-growing firm, with rapid increase in responsibility
  • Advanced technical environment (lab, pro & open source tools)
  • Missions with high operational and strategic stakes
  • A flexible, telecommuting working environment with a committed team
  • Ongoing training (certifications, methodologies, threat intel, etc.)
  • Remuneration according to profile, additional benefits
  • Opportunities for advancement to lead SOC, consultant or CISO positions
