Abdelhakim B.

Context: Construction of a SOC for a multi-tenant platform capable of holding classified data and enabling faster development of digital products, using a DevSecOps approach.

Missions:

• Definition of the SOC platform architecture

• Monitoring of security requirements (PDIS, II901, and SecNumCloud requirement repositories)

• Integration and deployment of security and monitoring solutions (antivirus, probe, backups, etc.)

• Definition and participation in SOC improvement projects (tooling, processes, SOC coverage increase)

• Installation, configuration, migration, and updating of SIEM Splunk components; version upgrades of components

• Automation of deployments via Ansible

• Versioning of configurations via Gitlab

• Administration of the Splunk platform; integration of new data collectors

• Industrialization and automation of the deployment of SOC tools and processes.

• Identification and integration of logs from various equipment and implementation of different collection methods.

• Event analysis and parser development, configuration audit on the SIEM

• Development of the detection mechanism based on the MITRE ATT&CK repository

• Creation, maintenance, and improvement of detection rules and policies at the SOC component level

• Development of several investigation dashboards to facilitate incident response

• Development of cyber-indicators, reports, and simple or correlated alerts.

• Threat and vulnerability intelligence, IOC monitoring, and publication of alert bulletins.

• Definition and regular updating of security incident management procedures

• Participation/Management of incident response

• Post-mortem investigations of security incidents

• Monitoring of BUILD & RUN phases according to an agile methodology

Context: Establishment of a Security Operations Center (SOC) and building an operational security team within the Europcar Mobility Group entity undergoing transformation.

Missions:

• Participation in the development and maintenance of event correlation mechanisms and rules on Splunk and query optimization

• Configuration and parameterization of the Splunk solution (installation of apps and new indexes)

• Integration of use cases in Splunk ES and processing of reported alerts

• Parameterization of alerts, new reports, and dashboards

• Research and testing of new security tools and recommendations on tools to implement in the SOC environment.

• Creation and maintenance of operational reports for key performance indicators and weekly/monthly metrics.

• Maintaining the operational condition of instances related to security tools

• Implementation of detection scenarios and associated alert processing

• Implementation of incident response processes and vulnerability reporting

• Vulnerability management (takeover, qualification, tracking)

• Management and analysis of detected security incidents (internal, CTI, and CERT) as well as remediation activities

• Management of investigations and inquiries requested by business units or management within the group's other entities.

• Facilitation of security committees, workshops, and awareness sessions

Within the IS Security Architecture team, involved in technical, technological, and methodological choices that meet security requirements.

Missions:

• Validation of the information system map and security assumptions related to the different environments during the design phase.

• Drafting and monitoring the implementation of security requirements applicable to the different components of the architecture.

• Drafting and reviewing security requirements applicable to the tools used by business teams.

• Preparation of design and justification documents on security aspects.

• Participation in the design of the architecture and the implementation of systems, ensuring that the different components have the appropriate security level