The Cyber Security Incident Response Team (CSIRT) Analyst is responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats across the enterprise environment. The role focuses on proactive threat detection, incident investigation, SIEM monitoring, threat hunting, and coordination with global security and infrastructure teams to contain and remediate security incidents.
The analyst will leverage enterprise security technologies including SIEM, EDR/XDR, threat intelligence platforms, and security monitoring tools to identify malicious activity, investigate anomalies, and support continuous improvement of the organization's security posture.
Role Description: The ideal candidate will have experience in a variety of technologies essential to identifying threats to the Stellantis environment, specifically the Microsoft Sentinel SIEM, and use those skills to perform the following:
- Daily use of the SIEM tool to analyze data flows and identify potential threats and anomalies.
- Ability to provide a detailed analysis of logs from security infrastructure (firewall, IPS, etc.).
- Provide internal threat hunting and policy abuse management based on information gathered in SIEM.
- Understand how to gather threat intelligence data.
- Recognize potential successful and unsuccessful intrusion attempts and compromises.
- Log incidents and track them via the incident management tool (Resilient).
- Provide suggestions for Microsoft Sentinel optimization and source log parsing.
Responsibilities:
- Define Sentinel use cases, dashboards, filters, etc. as needed.
- Effectively communicate issues to global teams as needed.
- Share results and ideas with the extended team.
- Provide hours of support as required.
- Have a solid understanding of enterprise environments including networking, web services, database, operating systems, etc.
- Experience with MITRE ATT&CK is a plus.
- Provide documentation as needed, such as playbooks, to be shared with other team members.
- Ability to work from high-level direction and then collaborate with the rest of the CSIRT and other products within the CDOC team.
Basic Qualifications:
- BS/BA degree in Computer Science, Data Science, Engineering, Information Science, Statistics, Information Systems, or other relevant disciplines from an accredited university or recognized higher education institution.
- Equivalent international qualifications such as a BSc, MSc, or Diplôme d'ingénieur (Europe), or regionally accredited degrees (North America) are also acceptable.
- Minimum 3 years of overall experience working as a Security Analyst in enterprise environments.
- Minimum 2 years of hands-on experience with the Microsoft Sentinel SIEM, including configuration, tuning, and incident investigation.
- Strong understanding of SIEM (Security Information and Event Management) concepts, architecture, and operational workflows.
- Proven experience supporting and maintaining SIEM platforms in complex, large-scale enterprise infrastructures.
- Excellent analytical and problem-solving skills, with the ability to troubleshoot and resolve security-related issues effectively.
- Strong communication skills, with the ability to clearly articulate technical concepts to both technical and non-technical stakeholders, including management and cross-functional teams.