Operational Security Reinforcement – XDR SecOps engineer

Context

The SPW wishes to strengthen its operational security team. An external 24/7 SOC is in place and requires reinforcement of the in-house team in order to adequately respond to SOC escalations, incidents, and requests received by other means. Additionally, the operational security team ensures the daily maturity improvement of security tools.

The mission aims to integrate a hybrid SecOps analyst/engineer XDR profile to strengthen security operations.

This person, in addition to their recurring activities, will be available in an on-call 24/7 mode (rotation among 3 people).

The SPW is currently engaged in a process to comply with the NIS2 regulation (essential level).

SPW has a complex environment that provides services to Walloon citizens. This is a hybrid infrastructure (multi-site and cloud), an extensive network (several dozen locations), numerous applications with varied technologies, and a significant number of users. The security of its information system is therefore essential.

Objectives

  • Ensure the daily management of security tools and security incidents.
  • Maintain and optimize security tools (excluding operations).
  • Collaborate with the SOC and other SPW teams to strengthen overall security.
  • Participate in projects related to operational security.
  • Intervene in on-call or standby mode depending on criticality.

Activities

  • Management of security incidents (analysis, escalation, resolution), including incident documentation;
  • Coordination of the different teams to resolve security incidents or to improve the security level;
  • Participation in tuning protection rules;
  • Implementation of exception management (impact and risk analysis);
  • Cross-functional support on security tools;
  • Post-mortem analysis of incidents: technical retrospective, recommendations, and follow-up of action plans with the ITSM team;
  • Handling alerts (SIEM, XDR, etc.) from the SOC and/or security tools;
  • Vulnerability management: detecting, prioritizing, and remediating vulnerabilities in collaboration with SPW teams;
  • Security monitoring and threat intelligence: monitoring CVEs, IOCs, and MITRE ATT&CK tactics;
  • Participation in the development or continuous improvement of SecOps processes, procedures, and guides;
  • Support for IT projects related to operational security: security review, provision of technical-functional advice, active participation in the project team;
  • Use of ITSM tools (Jira Service Management, etc.);
  • Any other activity related to operational security, depending on the needs and priorities of the service.

Intervention Modalities

The mission is carried out within the SPW Digital security division under the supervision of the operational security manager.

The profile ensures regular full-time service, 40h/week.

In addition to regular duties, they participate in a rotation to guarantee availability in on-call 24/7 mode with a commitment to be available. Certain alerts must be addressed within a maximum of 30 minutes.

The SOC and SPW may call the on-duty person to take charge of the analysis of a priority 1 or 2 incident, take response actions, and coordinate teams until the incident is resolved. The on-duty person works within the existing processes (incident management, change management, SOC, etc.).

Expected Deliverables

  • Activity and incident reports, and a progress report on post-incident recommendations
  • NIS2: initial notification, preliminary report, and final report
  • Change log of rules (who, what, why)
  • Backlog of prioritized vulnerabilities
  • Remediation plan (vulnerabilities) with deadlines and responsible parties
  • Optimized configurations of security tools
  • Technical documentation, processes, and procedures
  • Improvement advice and recommendations
  • Security KPI monitoring

Expected Behavioral Skills

  1. Clear communication
  2. Rigorous change management
  3. Emergency management
  4. Incident prioritization
  5. Versatility
  6. Technical curiosity
  7. Autonomy
  8. Team collaboration
  9. Reactivity to unforeseen events

Evaluation Method

The evaluation will include an interview during which questions and/or scenarios related to the mission description will be used.

The interview will take place between ….. and …..

This position was originally posted on Pro Unity.
