Analyst, Cybersecurity (Automation)

About The Position

Requirements

• DEC or Bachelor’s in Computer science, Cybersecurity, or a related field.
• Minimum of seven (7) years of experience in information technology, including significant experience in detection engineering, SIEM administration, or SOAR automation.
• Excellent command of Splunk Enterprise, including SPL query design, correlation rules, dashboards, and data models.
• Hands‑on experience with Splunk SOAR, including development, optimization, and deployment of automated playbooks.
• Strong knowledge of Microsoft ecosystems, including Windows Server, Windows 10+, Azure AD/Entra ID, and Microsoft 365.
• General knowledge of Linux (RHEL or equivalent), particularly for log ingestion and analysis.
• Solid understanding of Active Directory and related security concepts (GPOs, ACLs, Kerberos, hardening, authentication).
• Good knowledge of security tools such as EDR, firewalls, IDS/IPS, anti‑spam solutions, proxies, and cloud security services.
• Ability to analyze and interpret logs from diverse systems (Windows, Linux, Unix, cloud, applications, and network devices).
• Knowledge of threat hunting, MITRE ATT&CK, incident response, and behavioral analysis concepts as applied to detection engineering.
• Excellent technical problem‑solving, diagnostic, and optimization skills.
• Ability to work independently while collaborating effectively with IT and security teams.
• Strong sense of accountability, attention to detail, and service‑oriented mindset.
• Bilingual in French and English, both spoken and written.

Nice To Haves

• Knowledge of cloud environments (Azure, GCP) and their logging models — a strong asset.
• Security or Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Admin, CISSP) – an asset.

Responsibilities

• Contribute to the evolution of detection and automation capabilities by developing, refining, and maintaining rules, correlations, and automations within SIEM and SOAR platforms.
• Integrate and normalize new log sources, ensuring data quality, consistency, and availability for detection purposes.
• Optimize SIEM performance by managing configuration, connectors, data pipelines, and the relevance of generated alerts.
• Collaborate with SOC analysts to improve alert fidelity, reduce false positives, and support security event analysis.
• Monitor trends, identify visibility gaps, and recommend improvements to detection and automation mechanisms.
• Perform ongoing threat intelligence and research on attack tactics and techniques (e.g., MITRE ATT&CK) to enrich detection use cases and anticipate emerging threats.
• Document detection rules, integrations, automations, and technical processes, and contribute to establishing standards and best practices for log management and security monitoring.
• Participate in the evaluation of new IT tools or systems to define required logging and security controls for SIEM integration.
• Administer SIEM/SOAR platforms, including installation, configuration, upgrades, and management of modules and integrations.
• Perform network monitoring and intrusion analysis using security defense tools (IDS/IPS, firewalls, EDR, email security).
• Correlate activity across assets (endpoints, network, applications), environments (on‑premises and cloud), and identities to identify anomalous patterns.
• Review alerts and sensor data, and produce formal technical incident reports.
• Participate in incident triage, containment, and investigation workflows.
• Lead investigations for major security incidents.
• Provide Level II support and ensure full resolution of incidents.
• Research emerging threats and vulnerabilities and actively participate in security communities.