Threat Hunting Analyst - Puteaux Defense

Job Description

Posted on: 
February 27, 2025

Choosing Capgemini means choosing a company where you will be able to shape your career according to your aspirations. You will be supported and accompanied within a collaborative community of colleagues from around the world, where you will be able to rewrite your future. Join us in redefining the boundaries of what is possible, help unlock the value of technology for the world's largest organizations, and be part of building a more sustainable and inclusive world.

Your missions:

About Us

The Cybersecurity Group creates and manages global security policies, monitors compliance of Business Units and Global Business Lines, provides robust communications, training and awareness campaigns to employees, designs a global security architecture based on threats and market evolution, and manages the Group's Cybersecurity Projects and Operations.

As part of the team expansion, the Cybersecurity Group is looking for a Threat Hunting Security Analyst.

Cybersecurity professionals help protect an organization by using a range of security tools, technologies and processes to prevent, detect and manage cyber threats. You will work within a global team - Group Cybersecurity Operations Computer Emergency Response Team (CERT).

Your primary role will be to support all activities undertaken by the Threat Hunting pillar.

  • You will work with the broader CERT team to prioritize and plan work within your pillar. You will collaborate with various team members to develop and contribute to technical projects, reporting and monitoring progress to ensure CERT Threat Hunting objectives and goals are met.

Your responsibilities

You will be responsible for a wide range of activities from threat hunting tasks to problem solving and request management, to actively contributing to CERT activities and projects. Responsibilities include:

  • Investigate an ongoing phishing campaign or alerts from our threat intelligence platform;
  • Collaborate with the incident response team to analyze malware samples;
  • Assist the insider threat team in investigations;
  • Proactively research emerging threats or trends that may affect Capgemini;
  • Technical support from the Advanced Persistent Threat Emulation Team;
  • Significant understanding of hunting specific malware and advanced persistent threats;
  • Search network flows, PCAPs, logs, and EDR sensors for evidence of attack or compromise;
  • Determine the extent of the compromise, attributes of any malware, and potential data exfiltration;
  • Training between different teams within the SOC and CERT;
  • Provide simple, reusable hunting tactics and techniques to a team of security engineers, SIEM specialists and SOC analysts;
  • Actively hunt for APT indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) in the network and hosts as necessary;
  • Knowledge of LOLbins abuse, privilege escalation, MITRE ATT&CK framework, threat hunting methodologies, Yara rules;
  • Consult with other internal teams regarding security requirements, concerns, project issues;
  • Daily administrative tasks, reporting, coordination between teams, escalation of issues;
  • Investigate, coordinate, resolve and report security incidents when escalated or identified;
  • Forensically analyze end-user systems and servers for possible IOCs;
  • Analysis of artifacts collected during a security incident/forensic analysis;
  • Provide technical input to the security incident response process;
  • Provide regular reports and operational metrics to monitor progress;
  • Ability to synthesize data from multiple sources and present concise, relevant information to technical and non-technical audiences;
  • Help develop support content tailored to the Executive Leadership Team (ELT), C-suites and Board of Directors in the event of an incident or routine operational report;
  • Develop effective metrics to demonstrate the continued value of threat hunting;
  • Lead and initiate projects;
  • Train and supervise junior analysts;
  • Assist the Cyber Threat Intelligence Manager as needed.

Your profile:

  • You have significant experience in cybersecurity or security-related fields, with Red Team tools and frameworks (Metasploit, Cobalt Strike, Core Impact, Covenant, Splinter, Bloodhound, PowerShell Empire, .net attack toolsets, privilege escalation);
  • You have experience in incident risk management and incident management for public and private sector clients;
  • You have knowledge of OSINT collection/reconnaissance techniques for target selection;
  • You have knowledge of implant persistence, exfiltration and lateral movement techniques;
  • You are recognized for your communication skills (oral and written) and for organizing your work according to priorities;
  • You have knowledge of anti-analysis and anti-evasion methodologies;
  • You have strong attention to detail with analytical and problem-solving skills;
  • Fluent English required (written and oral) to interact with international teams.

3 Reasons to join us:

Quality of life at work: teleworking agreement in France and internationally, agreement on professional equality, parenthood, work-life balance and sustainable mobility.

Continuous learning: certifications and training with free access, tailor-made support with your career manager, 9-month integration process.

Group & CSE benefits: shareholding plan, preferential rates, partial holiday reimbursement, reimbursement of your sports or cultural subscription.

About Capgemini:

Capgemini is a global leader in responsible, multicultural solutions, with nearly 350,000 people in over 50 countries. With 55 years of experience, we are a strategic partner for companies to transform their business by leveraging the power of technology and innovation in rapidly evolving areas such as cloud, data, artificial intelligence, connectivity, software, digital engineering and platforms.

Get The Future You Want*

*Capgemini, the future you want
