Permanent contract (CDI)

SOC / Cybersecurity Analyst Engineer

Starts in September 2025

Full-time

Phishia, a fast-growing consulting firm specializing in cybersecurity, artificial intelligence and sustainability, is looking for a SOC / Cybersecurity Analyst Engineer to contribute to its expansion and strategic positioning. Working directly with the founders, you will take on varied, high-impact assignments in an agile, stimulating and empowering environment.

To support its expansion, Phishia is looking for a dynamic and motivated SOC / Cybersecurity Analyst Engineer to support the growth of our cybersecurity and Managed SOC activities.

About Phishia

Phishia is a consulting firm founded by two engineers, specializing in major technological and strategic challenges: cybersecurity, artificial intelligence and sustainability. We support leading companies such as major CAC 40 players (Airbus, Bouygues, SNCF …), with recognized expertise in cybersecurity, the core of our business.
Our cybersecurity and AI divisions are experiencing sustained growth, driven by strong demand, key regulatory issues and a pragmatic approach.
Joining Phishia means joining a human-sized, ambitious and committed organization, positioned at the heart of the digital and ecological transitions.

Main tasks

  • Supervision & detection: real-time monitoring of security events via various SIEMs (Tetris, Google Sec Ops, Wazuh, Splunk); incident analysis, qualification and escalation.
  • Orchestration & correlation: exploit the Tetris platform (orchestration, multi-source correlation, automation) to enrich alerts, trigger playbooks and reduce mean time to detection.
  • Endpoint protection: deploy, configure and operate CrowdStrike Falcon, SentinelOne, Tetris and Microsoft Defender for Endpoint EDRs to contain malicious activity.
  • Network IDS/IPS: set up and manage Zeek, Suricata and Snort probes to detect intrusion attempts on critical flows.
  • Investigation & response: perform log analysis, forensic investigations and draft detailed incident reports; recommend immediate measures and monitor their implementation.
  • Scenario development: design and maintain correlation and detection rules based on the MITRE ATT&CK framework to improve coverage and reduce mean detection time.
  • Automation & reporting: create scripts (Python/Bash) and dashboards (Grafana, Power BI) to automate repetitive tasks, track KPIs (MTTD, MTTR) and present SOC activity.
  • Monitoring & continuous improvement: ensure proactive monitoring of vulnerabilities, adversary TTPs and regulatory requirements; update playbooks and participate in crisis management exercises.


Profile required

Graduate of an engineering school or Master's degree (Bac+5) in cybersecurity, systems/networks or equivalent
Confirmed experience or motivated junior in SOC or operational security
Good command of Linux/Windows systems and network protocols
Detection tools: SIEM, EDR, IDS/IPS, Wireshark, malware analysis tools
Ability to communicate effectively, both orally and in writing
Autonomy, rigor, analytical skills and technical curiosity
Good understanding of methodological frameworks: MITRE ATT&CK, NIST, EBIOS RM

What we offer

A strategic position within a fast-growing firm, with rapid increase in responsibility
Advanced technical environment (lab, pro & open source tools)
Missions with high operational and strategic stakes
A flexible, telecommuting working environment with a committed team
Ongoing training (certifications, methodologies, threat intel, etc.)
Remuneration according to profile, additional benefits
Prospects for advancement to SOC lead, consultant or RSS positions

Send your application