SOC Integration Specialist

Job details

Our mission at AXA is to empower people to live a better life.
We have to move from a perceived payer of claims to a strong partner in life for our customers.
Thus, our role as Group Operations must be to support and empower all AXA teams in the best way to achieve this meaningful aspiration together.
The most powerful levers to achieve this can be summarized as Innovation and Execution, and will drive all Operations teams:
· Innovation: To create and provide the prerequisites and opportunities for all AXA teams to develop leading innovative solutions for the needs of our current and future customers
· Execution: To create an environment which allows our teams all over the world to bring their ideas to reality and make our strong promise to the customers happen
Our concrete goals are to:
· Reinforce and realize our value creation for the global AXA organization;
· Support and foster innovation across AXA in close alignment and teaming with Group Business Innovation;
· Embed simplicity and empowerment in our day-to-day working as well as ensure that we contribute to AXA's mission and strategy.
CYBER DEFENSE
Under Group Security, the Cyber Defense department provides entities with first line of defense services to protect, detect and react to Cyber Threats and Attacks and deliver IT Security Products.
Within Cyber Defense, the Security Operations Center (SOC) is designed to prevent, detect and react to cyber threats.
MISSION
The Security Operations Center (SOC) delivers the following capabilities to the AXA entities around the globe: Security Monitoring and Detection, Security Incident Response and Threat Intelligence.
Two transversal services of the SOC, the Log Onboarding Factory and the Use Case Factory, increase coverage and overall detection capability.
The Log Onboarding Factory provides a mechanism to ensure that AXA entities have the right log sources monitored by onboarding new assets in line with the log monitoring requirements (to cover critical assets) and updating the log monitoring scope following periodical assets inventory review.
As part of the Log Onboarding Factory, the SOC Onboarding & Integration Specialist will be in charge of the following activities:
· Onboarding logs following logs onboarding guidelines and process
  o Identifying prerequisites for log sources to be onboarded (technology, versions, etc.)
  o Defining the connectors setup and ensuring the setup of all IP configurations
  o Requesting and following up on the opening of the necessary firewall flows
  o Providing guidance on configuring the source devices according to logging standard
  o Validating that events from log sources are received and troubleshooting when necessary
  o Communicating on the progress and blocking points
· Formalize and maintain documentation for log sources onboarding
  o For new technology, gather relevant information from the configuration guides related to the log sources technology and from the contacts managing the platform
  o Define based on the collected information with the Security Monitoring and Detection and Security Incident Response teams the relevant logs to be collected
  o Document and maintain the logging standards, the connectors configuration and the mapping tables
· Manage the delivery of entities onboarding demands and ad-hoc projects
  o Drive end to end log onboarding demands/projects in coordination with entities, projects stakeholders, third party log onboarding team: understand the onboarding requirements, manage prioritisations and capacities
  o Ensure the delivery from the third party log onboarding team is in line with the onboarding requirements including relevant documentation
  o Participate in demand requests and projects as a subject matter expert contributing to proposal and scoping, solution design
  o Onboarding logs following logs onboarding guidelines and process
· Liaise with the SIEM Platform Management team to ensure continuous integration within AXA environment
  o Enable the information exchange and communication flow among the teams that implement SIEM Platform configuration change
  o Perform tracking and documentation of all the change activity (i.e. on-boarding, connector configuration adjustment, etc.)
  o Perform regular coordination to exchange information on the planned onboarding, identified issues, etc.
Team structure: The Security Operations Center comprises the Security Monitoring and Detection, Security Incident Response & Forensics and Configuration & Development teams.
Stakeholders:
· Internal actors: Group IT and Cyber Defense teams, Group Security, Entities, Group Procurement, GO Markets, GO Partnership Office, Security Operations Center operational teams
· External actors: third party log onboarding team, vendors, professional bodies, industry peers


Nominal salary: Negotiable

Source: Talent_Dynamic-Ppc

Requirements
