CSIRT Analyst
Employment Type : Full-Time
Company presentation
World leader in gases, technologies and services for Industry and Health, Air Liquide is present in 80 countries with approximately 66,000 employees and serves more than 3.6 million customers and patients. Oxygen, nitrogen and hydrogen have been at the core of the company’s activities since its creation in 1902. Air Liquide’s ambition is to be the leader in its industry, delivering long-term performance and acting responsibly.
Candidate must have valid employment authorization in the U.S. and must not require visa sponsorship now or in the future. This position is not open for non-immigrant visa sponsorship.
Job Responsibilities
Missions & Responsibilities
The CSIRT (Computer Security Incident Response Team) is responsible for the management of security incidents for the whole group. The CSIRT has offices in Paris, Houston, Radnor and Singapore. The position is to strengthen our present team in Houston. The missions are:
- Incident handling: Alert qualification: a first level of qualification is done by the L1/L2 teams of our MSSP and advanced qualification is done by CSIRT analysts before generating an incident
- Investigation: incidents are investigated by members of the CSIRT (L3) in coordination with the local security officers in order to define the exact scope of the incident. For each incident, the CSIRT analyst defines an action plan which aims to collect the artifacts needed from suspicious assets, replay binaries to extract IOCs (Indicators of Compromise), contact local teams of the group to obtain additional information, …
- Remediation: the CSIRT analyst also defines the remediation action plan for a return to normal operations and pilots remediation actions with the technical teams
- Writing procedures (industrialization): CSIRT analysts enrich existing standard operating procedures (SOP) or create new ones, develop global playbooks, document the IT context of our information system, develop scripts and processes to automate activities, …
- “Sanitary” actions: conduct actions to limit or eradicate inappropriate behaviors which are not malicious but generate false positives
- User awareness: during qualification and incident handling, remind users of the group security policies and of best practices
- Hunting: CSIRT analysts with the tools at their disposal (SIEM, IDS, PROXY, EDR) identify weak signals
- Monitoring optimization: CSIRT analysts propose evolutions to our monitoring rules and processes
- CSIRT tooling: the CSIRT has its own infrastructure (monitoring, malware analysis, …) and CSIRT analysts are involved in its maintenance and evolution by keeping it up and running and by adding new features or new tools (sandbox, scripts, …)
Required Qualifications
- Bachelor's degree in IT security or a related field, or equivalent experience
- 5-8 years of experience in security operations (with at least 2 years in a CSIRT/CERT/SOC position) expected
- Fluency in English mandatory in multicultural environment
Technical skills
- Good knowledge of traditional security equipment (firewall, proxy, reverse proxy, VPN, …)
- Understanding of the logs they generate and of security architectures
- Good knowledge of security issues (attacks, vulnerabilities, …)
- Good knowledge of standard protocols (HTTP, FTP, DNS, SSL/TLS, …)
- Good knowledge of Windows / Linux architectures
- Knowledge of AWS security and/or industrial IT security would be a plus
Complementary skills:
- Forensic analysis and analytics
- Certifications: GCIH, GCIA, GCFE / GCFA
Skills:
- Excellent communication skills (oral and written)
- Ability to work in teams (openness, interpersonal)
- Adaptability to different environments & Technologies
- Priority management
- Proactive in proposing improvements
- Ability to simplify and synthesize complex situations, taking into account all the elements
- Sense of service
- Autonomy
Job Reference: US03395