
Firas Marweni

Senior CSIRT

€650/day
Romainville, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Firas

Senior CSIRT / SOC Consultant with 10 years of experience in cybersecurity, specializing in incident response, forensic investigation, detection, and security incident management for clients in the banking, nuclear, insurance, energy, IT, and industrial sectors.
Certified GIAC GCIA, GCIH, and GCFE, I support large organizations in:
- Managing complex security incidents (targeted attacks, ransomware, information system compromise)
- Forensic investigations and post-incident analyses
- Improving SOC/CSIRT capabilities (detection, procedures, playbooks, SIEM)
- Strengthening monitoring and response mechanisms
I have worked within major international groups such as Thales, Elron, and IBM Security, on critical and regulated environments (finance, industry, sensitive infrastructure).
  • French

    Native or bilingual

  • English

    Native or bilingual

  • Arabic

    Native or bilingual

Can work on-site
Romainville (up to 50km)

Experience

  • IBM
    CSIRT Expert
    January 2019 - September 2025 (6 years and 8 months)
    Courbevoie, France
    Banking / Insurance Client (2019 - 2025): Senior CSIRT Consultant
    - Level 3 incident response: detection, forensic analysis, qualification, and remediation.
    - Implementation of the client's security policy roadmap:
      - Continuous improvement of the detection process: audit of existing detection rules
      - Optimization of detection rule coverage against the MITRE ATT&CK framework
      - Implementation of Level 1 and Level 2 investigation processes using reference sheets
    - Management of the Microsoft O365 security project (Exchange, ATP, SharePoint, and Message Trace):
      - Collection of O365 traces in QRadar and parsing of O365 logs
      - Implementation of O365 security use cases
      - Development of real-time detection scripts for sensitive data leaks and monitoring of the client's public resources
    - User Behavior Analytics (UBA) project management:
      - Import of the client users to monitor
      - Configuration of UBA use cases
      - Tuning of UBA scoring

    Language: Shell. Solutions: QRadar SIEM, SentinelOne EDR, Splunk, FortiSOAR, Trend, IronPort…

    EDF (2025): Cybersecurity / SOC Consultant
    Context: EDR Proof of Concept in a secured (air-gapped) environment:
    - Design of the Cybereason EDR architecture in air-gap mode
    - Definition of the function of each solution component
    - Installation and configuration of the Cybereason instance: Instance servers and agents.
    - Implementation of security policies adapted to the client's different asset types

    BNP (2025):
    - Implementation of system security DAT and PDIS
    - Design of system and PDIS security architectures compliant with PCI DSS
    - Security Architectures for a hybrid Cloud / On-Premise environment

    Client Pre-sales Support IBM (2025):
    - Presentation of Artificial Intelligence solutions, ATOM and PTI for security incident analysis and threat indicator management, and explanation of their added technical value.
    Skills: Incident Response, Technical Lead, Linux, Shell Scripting, Cloud Security, Security Architecture
  • ELRON Consulting
    SOC / CSIRT Consultant
    January 2015 - January 2019 (4 years)
    Paris, France
    Information System Security Monitoring for Clients:

    - CSIRT: Level 1, 2, and 3 Incident Response: Collection, Detection, and Forensic Analysis
    - SOC: Intrusion Detection
    - Analysis of security equipment logs (QRadar, proxy, TippingPoint IPS, Snort…)
    - Monitoring of cyber-attacks (source and types of attacks) and dashboard reporting
    - Control of outgoing flows (uploaded and downloaded volume, security equipment bypass, use of non-standard services, malicious downloads…)
    - Implementation of data leak detection engines (internal references, documents...)
    - Generation of weekly SOC reports for 4 countries
    - IT Security Watch: CERT alert processing and security filter implementation
    Language: Shell scripting. Solutions: QRadar SIEM, Snort, Carbon Black, Sourcefire, TippingPoint IPS, Sophos and Symantec, IronPort…
  • ORANGE
    End-of-Study Engineering Internship
    February 2014 - August 2014 (6 months)
    Tunis, Tunisia
    Implementation and Deployment of a SIEM from Scratch
    • Log collection from security equipment: FW, Proxy…
    • Normalization of raw logs into easily interpretable security events (user, IP, Hostname, Port…)
    • Insertion of security events into a database
    • Implementation of detection and correlation rules based on pattern matching to transform a security event into an alert
    • Design of security dashboards for reporting all security events and alerts
    Languages: Shell scripting, Perl. Solutions: Syslog, Linux
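As an added example (not the profile owner's code and not any employer's tooling), here is a minimal Python version of the pipeline described in the Orange entry above: raw firewall and proxy lines are normalized into flat events (user, IP, hostname, port…), inserted into a database, run through pattern-matching correlation rules that turn events into alerts, and summarized for a dashboard. The second rule is the kind of outgoing-flow volume control listed under the Elron Consulting entry. The log formats, field names, thresholds and every log line are constructed for this example and do not correspond to any vendor's real format.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample input: syslog-style firewall and proxy lines (assumed formats).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 fw01 FW: action=DENY src=10.0.0.5 dst=192.168.1.10 dport=21 proto=tcp",
    "2024-03-01T10:00:02 fw01 FW: action=DENY src=10.0.0.5 dst=192.168.1.10 dport=22 proto=tcp",
    "2024-03-01T10:00:03 fw01 FW: action=DENY src=10.0.0.5 dst=192.168.1.10 dport=23 proto=tcp",
    "2024-03-01T10:00:04 fw01 FW: action=DENY src=10.0.0.5 dst=192.168.1.10 dport=25 proto=tcp",
    "2024-03-01T10:00:05 fw01 FW: action=DENY src=10.0.0.5 dst=192.168.1.10 dport=80 proto=tcp",
    "2024-03-01T10:00:06 fw01 FW: action=ALLOW src=10.0.0.7 dst=192.168.1.20 dport=443 proto=tcp",
    "2024-03-01T10:00:07 fw01 FW: action=DENY src=10.0.0.7 dst=192.168.1.20 dport=445 proto=tcp",
    "2024-03-01T10:01:00 proxy01 PROXY: user=alice src=10.0.0.8 method=POST url=https://files.example/upload bytes_out=20000000",
    "2024-03-01T10:02:00 proxy01 PROXY: user=alice src=10.0.0.8 method=POST url=https://files.example/upload bytes_out=20000000",
    "2024-03-01T10:03:00 proxy01 PROXY: user=alice src=10.0.0.8 method=POST url=https://files.example/upload bytes_out=20000000",
    "2024-03-01T10:04:00 proxy01 PROXY: user=bob src=10.0.0.9 method=GET url=https://intranet.example/ bytes_out=512",
    "this line is garbage and must be skipped",
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) FW: action=(?P<action>\w+) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) PROXY: user=(?P<user>\S+) src=(?P<src>\S+) "
                      r"method=(?P<method>\w+) url=(?P<url>\S+) bytes_out=(?P<bytes_out>\d+)")

# Rule thresholds: assumed values for illustration, tune per environment.
PORT_SCAN_MIN_PORTS = 5        # distinct destination ports denied from one source
PORT_SCAN_WINDOW_S = 60        # ...within this many seconds
UPLOAD_THRESHOLD_BYTES = 50_000_000   # per user, over the loaded batch

SCHEMA = """CREATE TABLE events (
  ts INTEGER, host TEXT, source TEXT, username TEXT, src_ip TEXT,
  dst TEXT, dst_port INTEGER, action TEXT, bytes_out INTEGER)"""


def _epoch(ts):
    return int(datetime.fromisoformat(ts).timestamp())


def parse_line(line):
    """Normalize one raw line into a flat event dict; None if the format is unknown."""
    m = FW_RE.match(line)
    if m:
        return {"ts": _epoch(m["ts"]), "host": m["host"], "source": "firewall",
                "username": None, "src_ip": m["src"], "dst": m["dst"],
                "dst_port": int(m["dport"]), "action": m["action"], "bytes_out": 0}
    m = PROXY_RE.match(line)
    if m:
        return {"ts": _epoch(m["ts"]), "host": m["host"], "source": "proxy",
                "username": m["user"], "src_ip": m["src"], "dst": m["url"],
                "dst_port": None, "action": m["method"], "bytes_out": int(m["bytes_out"])}
    return None


def load_events(lines):
    """Parse and insert events into an in-memory SQLite DB; returns (conn, inserted, skipped)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    inserted = skipped = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            skipped += 1          # unparsed lines are counted, never silently dropped
            continue
        conn.execute("INSERT INTO events VALUES (:ts, :host, :source, :username, :src_ip, "
                     ":dst, :dst_port, :action, :bytes_out)", ev)
        inserted += 1
    conn.commit()
    return conn, inserted, skipped


def run_rules(conn):
    """Correlation rules: each turns a pattern over stored events into an alert."""
    alerts = []
    # Rule 1: port scan, N distinct ports denied from one source inside a time window.
    for src_ip, n, span in conn.execute(
            "SELECT src_ip, COUNT(DISTINCT dst_port), MAX(ts) - MIN(ts) FROM events "
            "WHERE source = 'firewall' AND action = 'DENY' GROUP BY src_ip "
            "HAVING COUNT(DISTINCT dst_port) >= ? AND MAX(ts) - MIN(ts) <= ?",
            (PORT_SCAN_MIN_PORTS, PORT_SCAN_WINDOW_S)):
        alerts.append({"rule": "port_scan", "subject": src_ip, "detail": f"{n} ports denied in {span}s"})
    # Rule 2: outgoing-flow control, total bytes uploaded per user above a threshold.
    for user, total in conn.execute(
            "SELECT username, SUM(bytes_out) FROM events WHERE source = 'proxy' "
            "GROUP BY username HAVING SUM(bytes_out) >= ?", (UPLOAD_THRESHOLD_BYTES,)):
        alerts.append({"rule": "large_upload", "subject": user, "detail": f"{total} bytes uploaded"})
    return alerts


def dashboard(conn):
    """Event counts per source and action, as a reporting dashboard would show them."""
    rows = conn.execute("SELECT source, action, COUNT(*) FROM events GROUP BY source, action")
    return {f"{source}/{action}": n for source, action, n in rows}


if __name__ == "__main__":
    db, n, skipped = load_events(SAMPLE_LOGS)
    print(f"{n} events loaded, {skipped} unparsed lines")
    print(dashboard(db))
    for alert in run_rules(db):
        print(alert)
```

Both rules are expressed in SQL over the normalized table rather than over the raw text, which is what makes the normalization step worthwhile: a new log source only needs a parser, and every existing rule applies to it unchanged.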



Education

  • Baccalaureate (Baccalauréat)
    Tunisia
    2009
  • National Diploma in Computer Networks and Telecommunications Engineering (Diplôme national d'ingénieur en réseaux informatiques et télécommunications)
    INSAT
    2014
