EQUANS

SOC Analyst

Region RO
Job Post Information*: Posted Date 1 week ago (09/06/2026 12:12)
ID
2026-87076
Number of positions
1
Skill area
Digital and IT - Cybersecurity
Contract type
Permanent contract (CDI)

Job description

  1. EQUANS 

 

Equans is a world leader in the energy and services sector, with annual revenues of nearly €19.2 billion* and almost 800,000 projects.

Equans has leading positions in Europe, which is the result of the history of energy construction in these countries, and strong presences in North and South America and in Oceania.

With nearly 90,000 highly skilled employees, Equans has a strong geographic footprint, anchored by historic local brands. Equans provides its customers with excellent technical expertise in the design, installation, maintenance, and operation of multi-technical facilities. This know-how is based on key skills: first of all electrical and thermal engineering, two strong points that help accelerate the reduction of our clients' carbon footprint, but also ventilation, refrigeration, mechanics and robotics, fire protection, energy renovation, digital solutions, IT, cyber security and telecommunications.

The combination of these areas of expertise allows us to offer efficient and optimised solutions at all stages of the energy chain, from production, storage and transport to usage.

 

(*) Turnover 2024 consolidated 

 

 

  1. SOC Engineer (F/M) 

 

Summary of the role 

 

As part of the Equans CSIRT, you will be responsible for the initial detection, preliminary assessment and response to IT security incidents.  

You will analyse the attackers' modus operandi and assess the extent of compromise. By examining the technical data collected, you will identify the attackers' modus operandi, determine their objectives and assess the extent of the attacks.  

By means of an investigation report, you will propose recommendations for remedying the problems and strengthening the security of the systems affected. You will suggest actions to be taken to counteract and resolve the incident, in particular by cleaning up and reinforcing the security of the systems affected. 

You carry out constant monitoring of new vulnerabilities, emerging technologies and attack methods related to the components of the information system, by developing appropriate investigation tools. 

 

 

KEY METRICS OF THE ENVIRONMENT 

 

  • Identities managed: 95,000
  • Workstations: 60,000
  • Servers: 6,500
  • Hosting: 80% of IT is hosted on Azure and AWS
  • Tierless CSIRT without MSSP or externalization
  • Teammates: 7 incident handlers across 2 countries (3 in Canada and 4 in France), part of the CSIRT (17 persons)
  • Knowledge and tooling:
      • Must know KQL queries
      • Use of EDR solutions
      • Good knowledge of Microsoft security solutions
      • Good knowledge of Cloud environments
      • Knowledge of Threat Intelligence platform solutions
      • Use of SIRP
      • Use of Feedly for cyber watch

 

 

KEY OBJECTIVES & KPIs 

 

Workload allocation on main activities: 

  • 50% for alert response and incident handling
  • 10% for continuous improvements (documentation, process improvement, ...) 
  • 10% on detection improvements (hunting and implementation of detection rules) 
  • 10% for meetings and operational management 
  • 5% for training 

 

 

KEY RESPONSIBILITIES 

 

Threat detection  

  • Identify, analyse and qualify security events in real time 
  • Assess the seriousness of security incidents 
  • Notify security incidents, escalate if necessary 

Reacting to threats  

  • Transmit action plans to the entities in charge of processing and provide support regarding the corrective or palliative measures to be implemented
  • Make recommendations on immediate measures
  • Support the investigation teams in dealing with incidents

Implementing uses and tools 

  • Help set up the detection service (SIEM, etc.)
  • Help define the strategy for collecting event logs
  • Participate in the development and maintenance of event correlation rules
  • Conduct market analysis and evaluate new solutions through Proofs of Concept

Monitoring and improvement 

  • Contribute to the continuous improvement of procedures; develop procedures for new types of incident
  • Contribute to ongoing monitoring of threats, vulnerabilities and attack methods in order to enhance event correlation rules

Reporting and documentation 

  • Compile dashboards reporting on operational activity
  • Keep documentation up to date
  • Carry out threat hunting activities

In conjunction with Equans internal and partner teams: 

  • Inform management of suspected cyber incidents and explain the history, status and potential impact of the event; 
  • Advise on disaster recovery, contingency and business continuity plans at tactical, operational and strategic levels; 
  • Recommend measures for circumventing and remediating the incident. 

 

 

PROFILE  

 

Academic background & Experience  

Candidates should hold a Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, with equivalent certifications like GIAC Certified Incident Handler (GCIH), Certified Incident Handler (ECIH), or CompTIA Security+ considered as alternatives. A strong foundation in cybersecurity principles, including threat intelligence, network security, and incident management, is essential. 

Professionally, applicants need at least 3-5 years of hands-on experience in cybersecurity operations, ideally in a Security Operations Center (SOC) or incident response team. 

 

Behavioral Capabilities

  • Strong leadership skills, with the ability to guide and mentor a team of IGA professionals.
  • Excellent problem-solving and analytical skills, with the ability to troubleshoot complex access governance issues and implement effective solutions.
  • Ability to communicate effectively with both technical and non-technical stakeholders, ensuring clarity in explaining complex technical concepts.
  • Strong collaboration skills, working seamlessly with cross-functional teams such as IT, security, and compliance.
  • Results-driven with a focus on delivering high-quality solutions and achieving business objectives.
  • Highly organized with the ability to manage multiple projects and prioritize tasks effectively.
  • Comfortable working in a multicultural, distributed team. 

 

Skills 

  • You have a technical background demonstrating your ability to carry out the tasks assigned.  
  • You are autonomous, technically versatile and able to tackle new and challenging technical subjects; 
  • You are familiar with monitoring and intrusion detection tools, as well as incident management systems; 
  • You have an excellent methodological approach to incident response management; 
  • You are proficient in malware analysis; 
  • You have an interest in and skills for developing task automation; 
  • You are curious, rigorous and enjoy a challenge; 
  • You are comfortable working in a decentralised, multicultural organisation with varying levels of maturity in terms of cyber security; 
  • You're a good communicator, with good interpersonal skills, and you're comfortable adapting to a variety of people; 
  • You have a sense of ethics and are able to exercise discretion; 
  • Fluent English essential and willing to work in an international context; 
  • One or more certifications related to incident response (SANS, OSCP, etc.) and possibly intelligence on cyber threats are desirable. 

 

Why Join Us? 

Motivational Environment 
Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support. 

Challenging Topics 
Contribute to multiple high-impact projects that tackle real-world cybersecurity challenges. Your expertise will make a difference. 

Empowered Voices 
Your ideas matter. As a valued team member, your input will be heard, respected, and considered in decision-making processes. 

Technical Growth 
Advance your skills through tailored training programs and hands-on experience. We invest in your development to help you reach your full potential. 
