- We were integrated into the Computer Security Incident Response Team (CSIRT) of a major player in the banking sector
The service involved:
- Managing level 3 incidents (vulnerabilities, APTs, viruses, etc.);
- Creating, testing, implementing and maintaining security incident detection rules;
- Creating and implementing incident management procedures;
- Coordinating level 2 SOC operations;
- Carrying out digital investigations / forensics;
- Hunting threats, analyzing weak signals and developing SIEM use cases;
- Taking part in the implementation and maintenance of the SIEM, and other security platforms managed by the team;
- Contributing to log collection and onboarding architecture projects.
Keys to success
- Our expertise in security and an in-depth understanding of security production issues in a bank;
- Our ability as a service provider to move topics forward in a matrix organization by relying on other production teams;
- Our resistance to stress, enabling us to apply our analytical skills and remain calm during security incidents;
- Our good communication skills to manage resistance to change within projects.