Operational Security Reinforcement – Junior SecOps Analyst

Context

The SPW wishes to strengthen its operational security team. An external 24/7 SOC is in place and requires reinforcement of the in-house team in order to provide adequate follow-up to SOC reports, incidents, and requests collected through other channels. Additionally, the operational security team is responsible for the day-to-day maturing of the security tooling.

The mission aims to integrate a Junior SecOps analyst profile to strengthen security operations.

This person, in addition to their recurring activity, will be available on a 24/7 on-call basis (rotation between 3 people).

SPW is currently working towards compliance with the NIS2 regulation (essential level).

SPW has a complex environment that provides services to Walloon citizens. It is a hybrid infrastructure (multisite and cloud), an extensive network (several dozen locations), numerous applications with various technologies, and a significant number of users. Therefore, the security of its information system is essential.

Objectives

  • Ensure daily management of security tools and security incidents.
  • Maintain and optimize security tools (excluding operation).
  • Collaborate with the SOC and other SPW teams to strengthen overall security.
  • Participate in projects related to operational security.
  • Intervene in on-call or standby mode according to criticality.

Activities

  • Management of security incidents (analysis, escalation, resolution), including documentation of incidents;
  • Coordination of the different teams involved in resolving security incidents or improving the security level;
  • Analysis of network flows and correlation with alerts;
  • Contribution to securing network architectures, reviewing the relevance of configurations, and managing exceptions (impact and risk analysis);
  • Participation in tuning protection rules;
  • Implementation of exception management (impact and risk analysis);
  • Cross-functional support on security tools;
  • Post-mortem analysis of incidents: technical retrospective, recommendations, and follow-up of action plans with the ITSM team;
  • Handling alerts (SIEM, XDR, etc.) coming from the SOC and/or security tools;
  • Vulnerability management: detecting, prioritizing, and remediating vulnerabilities in collaboration with SPW teams;
  • Security monitoring and threat intelligence: tracking CVEs, IOCs, and MITRE ATT&CK tactics;
  • Participation in the development or continuous improvement of SecOps processes, procedures, and guides;
  • Support for IT projects related to operational security: security reviews, technical and functional advice, active participation in the project team;
  • Use of ITSM tools (Jira Service Management, etc.);
  • Any other activity related to operational security according to the needs and priorities of the service.

Methods of intervention

The mission is carried out within the SPW Digital security division under the supervision of the operational security manager.

The position is a regular full-time engagement at 40h/week.

In addition to regular duties, they participate in a rotation to ensure 24/7 on-call availability with a commitment to availability. Certain alerts must be addressed within a maximum of 30 minutes.

The SOC and SPW may call the on-duty person to take charge of the analysis of a priority 1 or 2 incident, take response actions, and coordinate teams until the incident is resolved. The role is integrated into the existing processes (incident management, change management, SOC, etc.).

Expected Deliverables

  • Activity and incident reports, progress report on post-incident recommendations
  • NIS2: initial notification, preliminary report, and final report
  • Change log of rules (who, what, why)
  • Backlog of prioritized vulnerabilities
  • Remediation plan (vulnerabilities) with deadlines and responsible parties
  • Optimized configurations of security tools
  • Technical documentation, processes, and procedures
  • Advice and recommendations for improvement
  • Security KPI tracking

Expected behavioral skills

  1. Clear communication
  2. Rigor in change management
  3. Emergency management
  4. Prioritization in incident handling
  5. Versatility
  6. Technical curiosity
  7. Autonomy
  8. Team collaboration
  9. Reactivity to unforeseen events

Evaluation method

The evaluation will include an interview during which questions and/or scenarios related to the mission description will be used.

The interview will take place between ….. and …..

This position was originally posted on Pro Unity.

It is publicly accessible, and we recommend applying directly through the Pro Unity website instead of going through third-party recruiters.