Security Incident Response Expert

• Digital Forensics and Incident Response (DFIR) activities including assessment, analysis, categorization, classification, and investigation of cybersecurity incidents.
• Manage cybersecurity incidents to ensure timely containment and risk mitigation engaging with operational teams and leadership as required and according to Security Incident Management Processes.
• Handle potential high severity incidents autonomously during non-working hours (on rotational on-call basis).
• Collect, document and analyze evidence as part of the digital forensics capability of Cyber Defense and AXA CERT.
• Follow-up security incidents resolution and track updates in ticketing tool.
• Notify and communicate to relevant stakeholders including Group and entity CISO/CSO’s.
• Support SOC Security Analysts and an international network of local security incident handlers from AXA entities.
• Perform lessons learned activities, e.g. security incident reviews, post mortem documentation. Contribute to the improvement of the DFIR capability including development and integration of open source and commercial tools in a dedicated forensic lab.
• Contribute to threat hunting activity proactively and in the context of high severity incidents.
• Participate in use case development and SIEM rules threshold tuning.
• Act as a mentor to more junior Security Incident Response Specialists, support and supervise them, ensure knowledge transfer within the team.
• Professional communications and reporting to SOC stakeholders and customers.
• Participate in exchanges with national and international CERT/CSIRT communities.

• Security Incident Response Expert according to Security Incident Management Processes.
• Security Incident Reports and Lessons Learned.
• Communication to stakeholders.
• Security Incident Response documentation.
• Collect and document data from a variety of sources to assist incident response actions.
• Coordination with other teams for effective incident response.
• Mentor and guide the more junior Incident, Forensics & Threat Intelligence Manager.
• Coordinate complex security incident response that require deeper background knowledge.
• Provide leadership, guidance and deep technical expertise to deliver a professional services to customers.
• Continually maintain and improve technical capabilities through individual development activities.

• Bachelor degree in Computer Science or Information Security would be desirable but is not essential

• GIAC GCIH (SANS SEC504), GIAC GCFA (SANS FOR508)
• Strongly preferred: GIAC GDAT (SANS SEC599), GIAC GNFA (SANS FOR572), GIAC GCFE (SANS FOR408), GIAC GCIA (SANS SEC503), GIAC GREM (SANS FOR610)
• Preferred: Security infrastructure certifications
• Preferred: ITIL foundation
• Preferred: Offensive security certification (OSCP, SEC560, CEH)

• Demonstrated experience in performing Information security incident analysis and response > 4 years
• Demonstrated experience in SOC/CSIRT > 3 years
• Demonstrated experience in network / security infrastructure administration > 2 years
• Demonstrated experience Linux/Windows administration > 1 years
• Demonstrated experience in large and complex organisation(s) > 3 years
• Demonstrated experience in usage of ticketing tools
• Demonstrated on-the-job experience with any of the standard commercial SIEM tools

• Ability to identify risks, threats, vulnerabilities and associated attacks that might involve: malicious code, protocol/design/configuration flaws…
• Strong troubleshooting and analytical skills
• Understanding the Internet and detailed knowledge of network protocols (Ethernet, 802.11.X, IP, ICMP, TCP, UDP…)
• Knowledge of application/services related protocols (DNS, SMTP, HTTP, FTP…)
• Knowledge of network infrastructure elements and architecture (Firewall, Proxy, IPS, WAF…)
• Knowledge of current security vulnerabilities and related attack methodologies
• Detailed knowledge of packet capture analysis and usage of associated tools
• Detailed knowledge of log management (Syslog, CEF, debug levels, parsing…)
• Knowledge of encryption algorithms, digital signature mechanisms and PKI
• Knowledge of scripting, character manipulation and regular expressions

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we’ve created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we’re nurturing a culture of
respect, for each other, for our customers and the communities around us. Join AXA and you’ll feel like you belong, are included and can thrive. You’ll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

• State-of-the-art Data Technology to drive customer experience
• State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
• High-Performing Global Team for stronger partnerships with AXA entities