Seif Bouzoumita

Client referent on several SOC environments: operational management of the security relationship, animation of steering committees, monitoring of KPIs/SLAs, trend analysis and production of executive reporting with actionable recommendations aligned with business challenges. Participation in the complete build of a Sekoia.io platform for a client, including supervision of agent deployment, setting up collection forwarders, configuring intakes, parsing, normalization pipelines, and integration of multiple technologies (CyberReason on-prem, Vade Cloud API, Varonis, Windows AD), followed by initial tuning and deployment of detection rules. Advanced optimization of detection capabilities through fine-tuning Sekoia rules (analysis of false positives, improvement of use-case relevance, adjustment of detection conditions, and requests for parsing field evolution from the editor to enable adapted filtering strategies), resulting in an approximate 50% reduction in Medium and Low alerts on a client environment through a significant improvement in the signal-to-noise ratio. Design and maintenance of advanced SOC dashboards (log volume, detection quality, false positives, alerting metrics, and SLA compliance) for operational management and continuous improvement of security performance. Analysis and handling of alerts (network, user, endpoint, cloud, email, web security, bot spam, scans, brute force, DDoS) with SIEM/EDR (Splunk, Sekoia, HarfangLab, CrowdStrike, SentinelOne, Cortex), writing impact-oriented investigations, client technical support, escalating major incidents with backlog prioritization based on criticality.

Analysis and handling of multi-domain alerts: access, authentication, network, bot spam, email, endpoint, DDoS. Daily use of SIEM and EDR: Splunk, Sekoia, HarfangLab, Crowdstrike, SentinelOne. Structured writing of investigations with technical recommendations and business impact. Escalation of critical incidents and direct communication with clients if necessary. Tuning of detection rules to reduce false positives and improve accuracy. Implementation of whitelists and opening issues to adjust unsuitable rules. Handling the SOC mailbox: qualifying suspicious emails (phishing). Collaboration with the CTI team for the analysis of suspicious domains, IP addresses, or files. Adaptation to specific requests via tickets (additional investigation, requalification, closure). Responsiveness and ability to provide tailored support to clients (Active Directory). Workload distribution among analysts across multiple zones (France, Singapore, Vancouver, Tunisia). Weekly presentation of technical cases, lessons learned, and new analysis methodologies. Animation of watch sessions on vulnerabilities, attack techniques, and cyber trends.

BPCE

Administration and monitoring of vulnerability assessments (NESSUS). Monitoring of Patch Perimeter management (NESSUS). Correction and improvement of the SECURITY/SCORECARD score. Management and classification of assets and vulnerabilities. Managing penetration and vulnerability testing missions. Development of a support tool to automate the project security integration process (VBA). Participation in advanced project security integration sessions. Monitoring and analysis of security incidents on environments (access, network, email, endpoint).