
Head of CSIRT (M/F/X)

Requisition ID: 81840

Domain: Digital and IT/Cybersecurity

Contract type: Permanent

Schedule:



Summary of the role

CSIRT Equans is the team, part of SLS Cyberdefense, in charge of detecting and remediating cybersecurity incidents for Equans internal information systems. Particularly during cyber crisis management, CSIRT Equans is accountable for performing forensic investigations and providing remediation plans.

As a coordination unit, the CSIRT-Equans relies on a mix of own resources and other teams to fulfil its missions – in particular local cybersecurity teams located within various Business Units and Entities, cybersecurity service suppliers and external partners. Moreover, CSIRT‑Equans collaborates with the CSIRTs and CERTs of companies that are part of our incident‑response partner organizations.

Reporting to the Global SLS CISO, the Head of CSIRT manages the CSIRT-Equans team and is in charge of the delivery and quality of the inherent services described below and in the Annex.

KEY METRICS OF THE ENVIRONMENT

  • Identities managed: 95,000
  • Workstations: 60,000
  • Servers: 6,500
  • Hosting: 80% of IT is managed on Azure and AWS
  • Teammates: 17 people in the CSIRT (3 incident handlers in Montreal CA).
  • Technical leads: 1 per department

KEY RESPONSIBILITIES

The Head of CSIRT for Equans is in charge of managing the CSIRT and organizing the delivery of the following activities for the Group:

  • Computer Security Incident Response and Cybersecurity Crisis Management: you ensure that all major cybersecurity incidents (level 3) are managed properly and in a timely manner, that cybersecurity crisis training is followed, and that the team is prepared.
  • Security Operations Centre: the SOC is part of the CSIRT. The Head of CSIRT is accountable for the delivery of SOC activities and their continuous improvement.
  • Threat Management: this CSIRT department delivers threat hunting activities and external threat management.
  • You manage the numerous projects on SOC, threat management and automation.
  • You propose innovation projects and tooling assessments.
  • Purple team testing: you coordinate test campaigns to improve our detection strategy.
  • Steering committees: you ensure that steering committees are properly and consistently facilitated.
  • Detection strategy: you propose a detection strategy and you guarantee its execution.
  • Cybersquatting watch and brand protection in general, in coordination with the legal department
  • Investigations and Forensics: you lead incident management
  • You represent Equans and coordinate with external CSIRTs that are part of trust circles
  • Facilitation of the monthly incident responders meeting, for which you select topics of interest and organize the meetings
  • You produce operational reporting & KPIs
  • You ensure all inquiries are answered, and ensure an active presence of the team amongst Equans.
  • You work within your teams, for whom you are a hands-on manager.

In conjunction with Equans internal teams and partner teams:

  • Inform management of suspected incidents and explain the history by providing punctual feedback with the status and potential impact of the event;
  • Provide advice on disaster recovery, emergency and business continuity plans, at the tactical, operational and strategic levels;
  • Recommend measures to circumvent and remediate the incident.

PROFILE

Academic background & Experience

Engineering degree (Master’s level or equivalent) in computer science, cybersecurity, information sciences, or a related field.

At least 3 to 5 years of experience in a similar cybersecurity role, ideally within a CSIRT, SOC, or Threat Intelligence team.

10 years of experience in the cybersecurity field.

Experience in a decentralized and/or international company or organization is a plus.

Behavioral Capabilities

  • Strong leadership skills
  • Excellent problem-solving and analytical skills, with the ability to troubleshoot complex access governance issues and implement effective solutions.
  • Ability to communicate effectively with both technical and non-technical stakeholders, ensuring clarity in explaining complex technical concepts.
  • Strong collaboration skills, working seamlessly with cross-functional teams such as IT, security, and compliance.
  • Ability to recruit, coach and develop junior staff
  • You demonstrate interest and skills in developing task automation;
  • Good communicator, you have interpersonal skills and you adapt easily to various people;
  • You have a sense of ethics, and know how to exercise discretion;
  • You are fluent in English and willing to work in an international context.
  • Comfortable working in a multicultural, distributed team.
  • You have an excellent methodological approach to managing incident responses;

Skills

  • You have a technical background demonstrating the ability to perform the assigned tasks;
  • You are autonomous, technically versatile and have the ability to tackle new and stimulating technical subjects;
  • Incident response and incident prevention
  • Able to conduct preventive and predictive analysis to help mitigate future threats
  • Ethical hacking / penetration testing skills
  • Very good knowledge of Internet, DNS, networking and network protocols in general
  • Very good knowledge of network security tools (intrusion prevention systems, firewalls, vulnerability scanners, proxies…)
  • Good knowledge of SOC tools such as SIEM (e.g. Splunk), SOAR, EDR, MISP
  • Good understanding of Microsoft Active Directory and Identity & Access Management technologies in general
  • Knowledge of the Microsoft Office 365 software suite

Why Join Us?

Motivational Environment
Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.

Challenging Topics
Contribute to multiple high-impact projects that tackle real-world cybersecurity challenges. Your expertise will make a difference.

Empowered Voices
Your ideas matter. As a valued team member, your input will be heard, respected, and considered in decision-making processes.

Technical Growth
Advance your skills through tailored training programs and hands-on experience. We invest in your development to help you reach your full potential.
