EQUANS

Equans is a world leader in the energy and services sector, with annual revenues of nearly €19,2 billion* and almost 800,000 projects.​

Equans has leading positions in Europe, which is the result of the history of energy construction in these countries, and strong presences in North and South America and in Oceania.​

With nearly 90,000 highly skilled employees, Equans has a strong geographic footprint, anchored by historic local brands. Equans provides its customers with excellent technical expertise in the design, installation, maintenance, and operation of multi-technical facilities. This know-how is based on key skills. First of all, in electrical and thermal engineering - two strong points that help accelerate the reduction of our clients' carbon footprint - but also in ventilation, refrigeration, mechanics and robotics, fire protection, energy renovation, digital solutions, IT, cyber security and telecommunications.​

The combination of thes expertises allows us to offer efficient and optimised solutions at all stages of the energy chain, from production, storage and transport to usage.

(*) Turnover 2024 consolidated

CSIRT analyst (F/M/X)

Summary of the role

Within the CSIRT of Equans, you ensure the initial detection, preliminary assessment and response to IT security incidents.

By examining the technical data collected, you identify the attackers' modus operandi, determine their objectives and evaluate the extent of the attacks in order in particular to search within the environment for elements that could indicate a potential compromise.

Through an investigation report, you offer recommendations to resolve problems and strengthen the security of affected systems. You suggest actions to take to thwart and resolve the incident, including cleaning and strengthening the security of affected systems.

You carry out constant monitoring of new vulnerabilities, emerging technologies and attack methods linked to system components, by developing appropriate investigation tools.

KEY METRICS OF THE ENVIRONMENT

• Identities managed: 95,000
• Workstations: 60000
• Servers: 6500
• Hosting: 80% of the IT are managed on Azure and AWS
• Teammates: 4 in France for a total of 17 people in the CSIRT (3 incident handlers in Montreal CA)
• Knowledge and toolings:
  • Must know KQL queries
  • Use of EDR solutions
  • Good knowledge of Microsoft security solutions
  • Good knowlegde of Cloud environments
  • knowledge of Threat Intelligence platform solution
  • Use of SIRP
  • Use of Feedly for cyber watch

KEY OBJECTIVES & KPIs

• Leading at least 3 campaigns to improve our overall detection (Defining audit logs, assist Cyberdefense architects for data collection and parsing, identifying risks, use cases and associated detection rules, build incident responses);
• Carrying out structured threat hunting, based on a hypothesis, in order to identify weak signals within our environment;
• Producing every month an internal threat report for a specific Business Unit;
• Animating public and corporate events to improve our overall visibility and share our insights with other teams;
• Creating playbooks to improve our incident response processes

KEY RESPONSIBILITIES

• Carry out structured threat hunting in order to identify weak signals within our environment;
• Enrich and integrate TTPs and indicators of compromise into monitoring tools;
• Produce actionable reports based on threat intelligence data;
• Perform real-time incident response in order to participate in the whole lifecycle of the incident (identification and monitoring of the attack path, collection of artifacts for forensic analysis, threat analysis and remediation actions);
• Propose new rules and means to be implemented to improve our overall detection;
• Participate in intrusion tests and red team missions;
• Be a major actor in the development of the threat intelligence platform;
• Introduce information related to cybersecurity to improve awareness and implementation of security practices;
• Develop and maintain relationships with experts or organizations that can help or participate in the CSIRT’s mission;
• Continuously improve the service provided and report to the CSIRT manager;
• Support the CSIRT manager in the preparation of committees

In conjunction with Equans  internal teams and partner teams:

• Inform management of suspected incidents and explain the history by providing punctual feedback with the status and potential impact of the event;
• Provide advice on disaster recovery, emergency and business continuity plans, at the tactical, operational and strategic levels;
• Recommend measures to circumvent and remediate the incident.

PROFILE

Academic background & Experience

Engineering degree (Master’s level or equivalent) in computer science, cybersecurity, information sciences, or a related field. Specialization in Threat Intelligence, threat analysis, or offensive security (e.g., via a Master’s in cybersecurity or certifying programs from ENISA or Romanian universities such as the Polytechnic University of Bucharest) would be a major asset. Continuous training in cybersecurity (MOOCs, bootcamps) is appreciated to demonstrate ongoing skill updates.

At least 3 years of experience in a similar cybersecurity role, ideally within a CSIRT, SOC, or Threat Intelligence team. Proven expertise in Threat Intelligence is essential: you must have hands-on experience in monitoring and analyzing TTPs of cyber threat actors, enriching IoC, and producing actionable reports based on intelligence data.

Behavioral Capabilities​

• Strong leadership skills
• Excellent problem-solving and analytical skills, with the ability to troubleshoot complex access governance issues and implement effective solutions.​
• Ability to communicate effectively with both technical and non-technical stakeholders, ensuring clarity in explaining complex technical concepts.​
• Strong collaboration skills, working seamlessly with cross-functional teams such as IT, security, and compliance.
• You demonstrate interest and skills in developing task automation
• Good communicator, you have interpersonal skills and you adapt easily to various people;
• You have a sense of ethics, and know how to exercise discretion;
• You are fluent in English and willing to work in an international context.​
• Comfortable working in a multicultural, distributed team.
• You have an excellent methodological approach to managing incident responses; 

Skills

• You have technical background demonstrating the ability to perform the assigned tasks;
• You are autonomous, technically versatile and have the ability to tackle new and stimulating technical subjects;
• You master monitoring and intrusion detection tools, as well as incident management systems;
• You are competent in static malware analysis;
• You have one or more certifications related to incident response (SANS, OSCP, etc.) and possibly cyber threat intelligence are desirable.

Why Join Us?

Motivational Environment
Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.

Challenging Topics
Contribute to multiple high-impact projects that tackle real-world cybersecurity challenges. Your expertise will make a difference.

Empowered Voices
Your ideas matter. As a valued team member, your input will be heard, respected, and considered in decision-making processes.

Technical Growth
Advance your skills through tailored training programs and hands-on experience. We invest in your development to help you reach your full potential.