
2 CSIRT Jobs

JobPe aggregates listings for easy access; you apply on the original job portal directly.

3.0 - 6.0 years

3 - 6 Lacs

Gurgaon, Haryana, India

On-site

What will your essential responsibilities include?
- Take full ownership of incidents escalated by Level 2 analysts; conduct complex investigations and advise L2 SOC analysts.
- Develop custom scripts and procedures to automate repetitive tasks and improve the efficiency of incident response activities.
- Provide expert advice on incident remediation and recovery efforts, and develop threat remediation strategies.
- Perform proactive analysis of AXA XL's attack surface and advise on potential threats and attack vectors.
- Review and provide feedback on security control capability gaps based on security intrusion trends.
- Create and refine runbooks/playbooks for all alerts.
- Onboard log sources and resolve log ingestion issues.
- Fine-tune EDR and other tooling to exclude noise and false positives.
- Create and fine-tune SIEM content: correlation rules, dashboards and reports.
- Work with SIEM, EDR and other SOC tooling vendors (TAC support) to remediate tooling issues.
- Monitor API threat detection, reporting and containment.
- Conduct digital forensics investigations relating to incident detection and response.
- Make decisions and identify required actions; during high-severity security incidents, advise the AXA XL Head of SOC, CISO and CSO on appropriate containment, eradication and remediation measures.
- Provide an after-hours point of escalation for critical incidents.
- Define the operational roadmap and key metrics for incident detection and response.
- Collaborate with internal stakeholders to align on and implement security incident detection and response processes.
- Develop SOC security incident policies and investigation procedures for use across multiple information systems and teams.
- Conduct compliance monitoring and perform SOC/SIEM security control testing.
- Analyze, define and manage the delivery of new SIEM rules; conduct use case testing and modify or create use cases as required.
- Create new custom detection rules using KQL.
- Design and implement SIEM and EDR enhancements and configurations.
- Manage and represent the Security Operations team in ethical hacking exercises.

You will report to the Head of SOC.

Required Skills and Abilities:
- Good knowledge of Microsoft Defender and Microsoft Sentinel, including developing complex KQL queries.
- Experience performing digital forensics investigations.
- Experience developing scripts (Python, PowerShell, etc.) quickly in reaction to incidents.
- Demonstrated good knowledge of information security principles as applied to architecture, networks and systems, digital forensics, security risk assessments and software development.
- Good knowledge and understanding of technologies used in cyber security (SIEM, SOAR, firewalls, IAM, IDS/IPS, anti-malware, endpoint protection, database security, threat management/intelligence).
- Actionable knowledge of the MITRE ATT&CK framework.
- Effective knowledge of exploitable vulnerabilities and remediation techniques.
- Experience automating manual processes for responding to security incidents.
- Experience in threat intelligence and CERT/CSIRT activities.
- Knowledge of current threat actor techniques.
- Understanding of threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring.
- Awareness of tools and techniques used by attackers to enter corporate networks, including common IT system flaws and vulnerabilities.

Desired Skills and Abilities:
- Excellent troubleshooting and critical thinking skills.
- Experience in SOC documentation development.
- Demonstrated experience communicating complex security concepts, both verbally and in writing, to a variety of audiences.
- Takes ownership of tasks and works with a high degree of autonomy to ensure completion.
- Personable, fostering good stakeholder and peer group working relationships.
- Certifications such as CISSP, GIAC, CEH or similar.

Posted 4 days ago


5.0 - 10.0 years

12 - 19 Lacs

Hyderabad, Pune

Hybrid

Role & responsibilities
- Identify and craft complex custom WAF rules and features to mitigate MVP and security posture gaps.
- Craft efficacy testing for baseline and custom rules and features, and integrate that testing into the automation pipelines.
- Provide SME support for other security testing, such as WAF PoCs and new features and solutions, with a potential cost saving where in-house resources can be used instead of third-party vendors.
- Provide WAF-focused SME support and advice on web and API attack methodologies, evasions and mitigation techniques.
- Provide DevSecOps SME and pipeline build support for the automation work.
- Monitor and review all tuning requests.
- Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and performance.
- Create and maintain comprehensive documentation for WAF tuning procedures, policies and configurations.
- Develop, test and recommend WAF policies and rules tailored to specific applications and environments.
- Proactively assist with identifying false positives.
- Collaborate with cross-functional teams to ensure seamless integration of WAF solutions into the existing security infrastructure.
- Provide recommendations for WAF configuration based on best practices and security requirements.
- Perform regular assessments and audits of WAF configurations to ensure an optimal security posture and compliance with industry standards.
- Stay up to date with the latest web security threats, vulnerabilities and trends to continually enhance WAF effectiveness.

Preferred candidate profile
- Extensive experience in WAF management, tuning and engineering, with a strong understanding of web application security principles.
- Proven track record of proactively identifying and mitigating false positives to optimize WAF performance.
- Background in SOC or CSIRT and in AppSec or ethical hacking, with hands-on experience in the key responsibilities.
- Proficiency in log analysis tools and techniques, with the ability to identify patterns and anomalies in web traffic.
- Experience with tools such as Splunk, Wireshark or custom scripts to process and analyze logs.
- Experience with at least three major WAF solutions (e.g., Akamai, F5, AWS, GCP) and an understanding of their unique configurations and capabilities.
- Strong analytical and problem-solving skills, with keen attention to detail.
- Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders.
- Ability to develop, test and recommend WAF policies and rules tailored to specific applications and environments.
- Experience collaborating with cross-functional teams to integrate WAF solutions into existing security infrastructure.
- Competence in maintaining comprehensive documentation for WAF tuning procedures, policies and configurations.
- Extensive experience configuring WAF solutions to align with best practices and security requirements.
- A proactive, detail-oriented individual who thrives in a dynamic, fast-paced environment and stays up to date with the latest web security threats and trends.

Posted 3 months ago
