Senior Security Analyst

Senior Security Analyst

- - - - - - - - - - - -

Core Technical Competencies:

• Operating Systems Expertise: In-depth knowledge of Red Hat Enterprise Linux (RHEL), CentOS, Ubuntu, and Windows Server (2016, 2019, 2022).
• Infrastructure as Code (IaC): Proficient in using IaC tools such as Terraform, CloudFormation, and Ansible for effective infrastructure management.
• CI/CD Tools: Hands-on experience with CI/CD tools, including Jenkins, GitHub Actions, GitLab CI/CD, and Azure DevOps, for automating deployment processes.
• Containerization and Microservices: Familiarity with container technologies (Docker, Kubernetes) and principles of microservices architecture.
• Automation Frameworks: Ability to design automation frameworks and develop/execute test scripts to facilitate security testing and compliance.
• Scripting Proficiency: Preferred experience with scripting languages such as PowerShell, Python, Ansible, or Bash for automating security tasks.
• Policy Compliance Knowledge: Extensive understanding of compliance policies related to Windows Server operating systems, security settings, and OS hardening practices.
• Technical Expertise: Serve as a technical expert in cybersecurity matters, providing guidance and resolving complex security issues for other teams.
• Tool Experience: Familiarity with tools such as EGP, ServiceNow, Grafana, OCS, and cloud posture management tools for security monitoring and management.
• Adaptability: Ability to learn new tools, languages, and operating systems quickly through training and practical experience.
• Mentorship Role: Provide technical direction and support, acting as a mentor to junior analysts and team members in security operations.

Skills and Experience:

• In-depth expertise in IT infrastructure, with Level-3 proficiency in Linux administration and scripting capabilities, aimed at optimizing daily operations.
• Over 5 years of experience in infrastructure security, with a focus on vulnerability management, cybersecurity management, and IT operations.
• Proficient in cybersecurity tools and frameworks for endpoint security, patch management, and vulnerability scanning.
• Strong monitoring skills for compliance activities across Windows and Linux systems, particularly in antivirus (TrendMicro) and vulnerability management.
• High attention to detail, ensuring accuracy in documentation and processes.
• Excellent communication skills to articulate systems, processes, and workflows to diverse audiences.
• Familiarity with account revalidation activities and their related processes.

Key Responsibilities Specific to Michelin:

• Develop Power BI dashboards, create PowerApps based on business needs, and utilize Power Automate for automating workflows related to legacy infrastructure activities.
• Manage periodic account revalidation processes, ensuring compliance with MGSR guidelines, and automate end-to-end procedures where applicable.
• Drive documentation initiatives for key security topics in collaboration with the DAP group security team.
• Serve as the point of contact for Global Transversal in the monthly patch forum, handling exclusion requests.
• Produce and automate Monthly Patching Reports and Server Reboot Reports.
• Review operational documentation for coordination and format compliance, including Knowledge Base (KB) updates and resource planning for on-call support. Prepare documentation for KPI computations (SOP).
• Implement Patching KPIs as expected by the SSI Team.
• Act as the account manager for partners, approving account requests and deletions.
• Contribute to internal control activities and the Middleware patching RACI & roadmap.
• Manage ThreatCon alerts as reported by delivery partners.