Senior Cybersecurity SOC Analyst

Since our founding, IDEMIA has been on a mission to unlock the world and make it safer through our cutting-edge identity technologies. Our technology leadership makes us the partner of choice for hundreds of governments and thousands of enterprises in over 180 countries, including some of the biggest and most influential brands in the world. In applying our unique expertise in biometrics and cryptography, we enable our clients to unlock simpler and safer ways to pay, connect, access, identify, travel and protect public places – at scale and in total security.

Our teams work from 5 continents and speak 100+ different languages. We strongly believe that our diversity is a key driver of innovation and performance.

Purpose
This role investigates and analyzes all response activities related to cyber incidents within the company's virtual and physical systems. Key Missions

As a Senior SOC Analyst, you will play a key role in detecting, analyzing, and responding to cybersecurity incidents across IDEMIA's global environments (Office, R&D, Production, Cloud). You will also dedicate some time to improving detection, response, and automation capabilities, helping evolve our SOC into a proactive, automation-driven defense center.

Key Responsibilities -:

Incident Detection & Response -

• Monitor and triage security alerts from multiple sources including Cortex XSIAM, SIEM, EDR, and SOAR platforms, ensuring accurate prioritization and response.

• Lead complex incident investigations, including advanced persistent threats (APT), lateral movement, privilege escalation, and data exfiltration scenarios.

• Perform in-depth forensic analysis on endpoints, logs, and network traffic to identify root causes and attack vectors.

• Correlate multi-source telemetry (e.g., endpoint, cloud, identity, email) to reconstruct attack timelines and identify impacted assets.

• Coordinate incident response activities with internal stakeholders, including IT, business units, and legal/compliance teams.

• Drive and oversee external MSSPs (SOC, CTI, web monitoring, and third-party forensic providers) to ensure timely, high-quality support during

Investigations and threat monitoring-

• Ensure alignment and escalation processes between internal teams and MSSPs are well-defined, efficient, and continuously improved.

• Document and communicate incident findings, including impact assessments, containment actions, and lessons learned.

• Contribute to post-incident reviews and ensure implementation of corrective actions and detection improvements.

Continuous Improvement and projects -

• Lead technical initiatives to enhance SOC capabilities, including development of advanced detection rules, enrichment pipelines, and automated response playbooks.

• Develop and refine detection logic using behavioral analytics, threat intelligence, and MITRE ATT&CK mapping.

• Drive end-to-end projects to optimize incident response workflows using Cortex XSIAM ensuring measurable improvements in response time and accuracy.

• Design and implement integrations between SOC tools (e.g., SIEM, EDR, CTI platforms, SIRP) to improve alert workflow and reduce latency.

• Conduct regular gap analyses on detection coverage and propose technical solutions to address blind spots across cloud, endpoint, and network layers.

• Automate repetitive SOC tasks using scripting (e.g., Python, PowerShell) and SOAR workflows to improve analyst efficiency and reduce MTTR.

Required Skills & Experience -

• 4 to 8 years of experience in SOC operations or incident response.

• Proven experience with Cortex XSIAM, or strong hands-on with Cortex XDR/XSOAR, or equivalent EDR/SIEM/SOAR platforms.

• Strong knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, NIST).

• Experience in handling high-impact or rare incidents.

• Proficiency in log analysis, threat hunting, and root cause analysis.

• Familiarity with scripting (Python, PowerShell) and automation.

Qualifications -

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

• Relevant certifications (e.g., CEH, GCIA, GCIH, CySA+, CISSP, PCSAE) are a plus.

Scope & Conditions -

• Geographical Scope: Global

• Work Schedule: 24/7 team with follow-the-sun model; on-call duty required during weekends.

• Language: Fluent in English, 95% of daily activities will be in English.

Profile & Other Information

By choosing to work at IDEMIA, you will join a unique tech company, offering a wide range of growth opportunities. You will contribute to a safer world, collaborating with an international and global community. We value the diversity of our teams and welcome people from all walks of life, regardless of how they look, where they come from, who they love, or what they think.

We deliver cutting edge, future proof innovation that reach the highest technological standards and we're transforming, fast, to stay a leader in a world that's changing fast, too.

At IDEMIA, people can develop their expertise and feel a sense of ownership and empowerment, in a global environment, as part of a company with the ambition and the ability to change the world.

Visit our website to know more about the leader in Identity Technologies

---