Cyberwatch Analyst

About us

Saint-Gobain designs, manufactures and distributes materials and solutions for the construction, mobility and industrial markets. Developed through a continuous innovation process, our integrated solutions provide sustainability and performance in daily life, addressing the renovation of public and private buildings, light construction and the decarbonization of construction and industry. In this way, we contribute to reducing carbon emissions, leveraging resource efficiency and increasing circularity. Saint-Gobain believes in progress and seeks to be a game-changer that improves individual and collective health and wellness. We are convinced that the solutions that meet everyone's essential needs and allow us to live better together, without jeopardizing future generations, are still to be invented. Our commitment to reach this ambitious objective is guided by our shared purpose "MAKING THE WORLD A BETTER HOME". 47.9 billion in sales in 2023 160,000 employees, located in 76 countries Committed to achieving net zero carbon emissions by 2050

Job Purpose / Summary :

The Cyberwatcher is responsible for proactively searching and identifying cybersecurity threats within the organization's assets.

He will be in contact with the Identify team to obtain information to help him carry out this task, but he must also keep a watchful eye to anticipate the hunts. Cyberwatcher will liaise with the React team to ensure that, once findings are successful, the containment and eradication process can be implemented with his assistance and information. After the incident is closed, he will create detailed incident reports and contribute to lessons learned in collaboration with the relevant team. He will also collaborate with the Offensive Security team during purple team exercises to enhance his Threat Hunting campaigns

This role involves creating valuable defense to potential threats to ensure the security and integrity of the organization's digital assets

Key Responsibilities :

The Cyberwatcher is responsible for :

Maintain expert knowledge of Advanced Persistent Threat (APT) Tools, Techniques and Procedures (TTPs), forensics and incident response best practices.

Use threat intelligence and threat models to build threat scenarios.

Prepare and conduct threat-hunting campaigns to check threat scenarios.

Research, analyze and correlate a wide range of data sets from any source.

Proactive and iterative research into systems and networks to detect advanced threats.

Reporting risk analysis and threat findings to the relevant stakeholders.

Identify and provide automated alerts for emerging and historically unknown threats.

Co-operate with multiple teams within operations, intelligence and engineering to continuously improve security checks and detection performance.

Participate PTXs (purple team exercises) by monitoring new detection capabilities.

Manage reports, dashboards, metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.

Work closely with key stakeholders in technology, application, and cybersecurity to develop targeted use cases addressing specific advanced persistent threat (APT) behaviors

Key Performance Indicators :

The Cyberwatcher is responsible for :

Maintain expert knowledge of Advanced Persistent Threat (APT) Tools, Techniques and Procedures (TTPs), forensics and incident response best practices.

Use threat intelligence and threat models to build threat scenarios.

Prepare and conduct threat-hunting campaigns to check threat scenarios.

Research, analyze and correlate a wide range of data sets from any source.

Proactive and iterative research into systems and networks to detect advanced threats.

Reporting risk analysis and threat findings to the relevant stakeholders.

Identify and provide automated alerts for emerging and historically unknown threats.

Co-operate with multiple teams within operations, intelligence and engineering to continuously improve security checks and detection performance.

Participate PTXs (purple team exercises) by monitoring new detection capabilities.

Manage reports, dashboards, metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.

Work closely with key stakeholders in technology, application, and cybersecurity to develop targeted use cases addressing specific advanced persistent threat (APT) behaviors

Qualificaton :

Bachelor's degree in Computer Science, Information Security, EXTC or related field.

Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.

Proven experience (3+ years) working within the Cybersecurity field, with emphasis on Threat Hunting.

Experience with Palo Alto XDR and / or other SIEM platforms like Sentinel, Qradar, Splunk, ArcSight, etc.

Experience with Palo Alto XSOAR and / or equivalent SOAR Platforms like Resilient, Phantom, etc.

Expertise in network, host (Windows and Linux systems) and cloud investigations.

Proficiency in scripting languages such as Python or PowerShell and regular expressions.

Knowledge of data mining and / or machine learning.

Skills in identification of cyber-attack campaigns.

Experienced in hunting for data using tools such as a SIEM.

Capacity to analyze malware, extract indicators and create signatures in Yara, Snort and IOC.

Robust analytical abilities and the skills to investigate, write, communicate and inform audiences at different levels, including management.

Functional Skills / Competencies :

The Cyberwatcher is responsible for :

Maintain expert knowledge of Advanced Persistent Threat (APT) Tools, Techniques and Procedures (TTPs), forensics and incident response best practices.

Use threat intelligence and threat models to build threat scenarios.

Prepare and conduct threat-hunting campaigns to check threat scenarios.

Research, analyze and correlate a wide range of data sets from any source.

Proactive and iterative research into systems and networks to detect advanced threats.

Reporting risk analysis and threat findings to the relevant stakeholders.

Identify and provide automated alerts for emerging and historically unknown threats.

Co-operate with multiple teams within operations, intelligence and engineering to continuously improve security checks and detection performance.

Participate PTXs (purple team exercises) by monitoring new detection capabilities.

Manage reports, dashboards, metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.

Work closely with key stakeholders in technology, application, and cybersecurity to develop targeted use cases addressing specific advanced persistent threat (APT) behaviors

Behavioral Skills / Competencies :

Has a systematic, disciplined, and analytical approach to problem solving.

Excellent ability to think critically under pressure.

Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders.

Willingness to stay updated with evolving cyber threats, technologies, and industry trends