Security Engineer Thales

The cybersecurity center of Thales Morocco ensures permanent surveillance (24/7 security monitoring), prevention through collaborative monitoring with the Thales group CERT, as well as the management of security systems for our clients (log management, incident detection and response, forensic analysis, vulnerability assessments and audits, identity and access management, security reporting).

Its main missions will consist of implementing or migrating detection rules for clients, while carrying out continuous improvement actions to automate detection and reduce false positives, ensuring the relevance of generated security alerts.

The main tasks associated with the service are as follows:

• Implementation of parsers.
• Design, implementation and optimization of incident response and automation playbooks across multiple security platforms.
• Design, implementation and optimization of detection rules on several SIEM platforms: QRadar, Exabeam, Microsoft Sentinel, Sekoia and Google SecOps.
• Design, implementation and optimization of incident response and automation playbooks across multiple security platforms.
• Writing quick reference guides

The main activities are:

Definition and implementation of a data collection and storage policy

Implementation, maintenance and evolution of the detection strategy

Refining the rules, filters, and use cases related to detection and response

Definition and implementation of investigation and countermeasure standards

Operational readiness and maintenance of SOC tools (e.g., SOAR)

Enhanced detection through the integration of customer context elements

Expertise en investigation

Development and maintenance of automation within the SOC

D. Develop and strengthen the SOC's detection capabilities

Adapt customer detection to the SOC context

Providing advice to clients to improve their detection system

Participate in steering committees and support service managers in the production of reports