Organization
Created in 1997, GSM Al Maghrib is a Moroccan private group diversified across several business sectors: distribution of telecommunications products, money transfer, print management services, data center management, and security solutions.
Our HR vision is based on the belief that human capital is the main driver of sustainable performance and growth. The objective is to create a stimulating work environment that encourages engagement, skill development, and the professional fulfillment of employees.
The company encourages a culture based on:
This culture promotes collaboration between teams and helps maintain a positive social climate.
As part of the creation of a SOC (Security Operations Center) within our company, a major player in the Distribution sector, a unique position is available in Casablanca. An exceptional opportunity is offered to you to be a founding pillar of this new entity. Join us and actively participate in the construction and success of our cybersecurity strategy.
Your main mission will be to establish and evolve the SOC, ensuring continuous threat monitoring, in-depth analysis of security incidents, and rapid and effective response to protect our infrastructure and data. You will be responsible for the robustness of our digital defenses.
Your responsibilities will include overseeing security operations, investigating security alerts, managing incidents, implementing and optimizing detection and prevention tools, as well as contributing to the continuous improvement of SOC processes. This involves:
To excel in this role, a solid academic background is required, ideally a degree at Master's level (Bac +5 and above), in the fields of IT or Electronics, with a strong focus on cybersecurity.
With experience ranging between 5 and 10 years in the field of cybersecurity, you already have recognized expertise in managing and operating a SOC, ideally gained in the distribution sector or in similar complex environments.
POSITION IDENTIFICATION
Job Title: SOC Manager / Confirmed L2 Analyst - Founder of SOC GBS
Nature of position: Technical and managerial - SOC construction and operation
AGENT IDENTITY
Name, First Name:
Status, body, category, grade: Confirmed Executive / Manager
SERVICE PRESENTATION
Main mission of the service: To build, deploy, and operate the GAM Business Solutions Security Operations Center (SOC), intended to provide cybersecurity incident monitoring and response services to clients (banks, telecom operators, large Moroccan companies).
Service composition: SOC activity starting up (target 6 to 8 people within 18 months)
Reporting: Director of the Cybersecurity BU
JOB MISSIONS
Main mission, reason for being or purpose of the position: In a hybrid founder role, the SOC Manager / Confirmed L2 Analyst holds the dual responsibility of building the GBS SOC from scratch (architecture, processes, team, platform) while remaining operational at startup as a senior L2 analyst. He defines the service offering, recruits and structures the team, chooses and deploys the technical platform (SIEM, SOAR, threat intel), industrializes detection and response processes, and supports the first clients as a high-value-added, sovereignty-oriented managed security service (MSSP).
Missions and activities of the position
Mission 1: SOC Construction and Service Offering Definition
As such, he must:
• Design the SOC's technical architecture: SIEM, SOAR platform, log sources, threat intelligence, automation.
• Select and deploy tools (Wazuh, ELK, Splunk, Microsoft Sentinel or equivalent) using a progressive and controlled approach.
• Define the SOC service catalog (monitoring, detection, qualification, response, threat hunting, reporting) and service levels (SLA, KPI).
• Establish operational processes (runbooks, playbooks, escalation procedures) and associated documentation.
• Prepare the industrialization roadmap (MVP at 6 months, first clients at 9-12 months, ramp-up at 18 months).
Mission 2: Team Recruitment and Structuring
As such, he must:
• Define the target SOC organization (L1, L2, L3, threat intel, SIEM engineering) and the necessary profiles.
• Lead the recruitment of the first analysts (hiring experienced profiles and integrating juniors to be trained).
• Implement onboarding, continuous training, and team certification programs.
• Supervise and develop the skills of the recruited junior L1 and L2 analysts.
Mission 3: Client Onboarding and Operation
As such, he must:
• Lead the onboarding phases for new clients: asset inventory, log source integration, detection rule calibration.
• Define with each client the monitored scope, priority use cases, escalation policies, and reporting modalities.
• Ensure the quality of the service provided: compliance with SLAs, alert qualification, controlled false positive rate.
• Conduct periodic service review meetings with clients (monthly and quarterly).
Mission 4: Incident Analysis, Detection, and Response (L2 Operational Role)
As such, he must:
• Investigate complex alerts reported by L1 and qualify incidents (true positives, false positives, escalations).
• Conduct threat analysis, threat hunting, and forensic investigation on confirmed incidents.
• Coordinate incident response with client teams (containment, eradication, recovery) and vendors.
• Maintain and evolve detection rules (use cases, correlations, signatures), playbooks, and SOAR workflows.
Mission 5: Threat Intelligence and Continuous Improvement
As such, he must:
• Implement threat intelligence feeds and their integration into the SOC platform (IoCs, TTPs, MITRE ATT&CK).
• Conduct active monitoring of threats targeting the banking and telecom sectors in Morocco.
• Capitalize on handled incidents to enrich detections and playbooks.
• Conduct simulation exercises (Red Team / Purple Team) and post-incident reviews.
Mission 6: Steering and Reporting
As such, he must:
• Steer the operational activity of the SOC: dashboards, performance indicators, monitoring of contractual SLAs.
• Produce monthly and quarterly reports for clients and GBS Management.
• Contribute to the commercial aspect: support SOC pre-sales, participate in client presentations, leverage feedback.
• Ensure the compliance of SOC activities with applicable regulatory requirements (DGSSI, banking secrecy, personal data protection).
REQUIRED SKILLS
Technical skills
SIEM Platforms: Expertise in at least two solutions: Splunk, IBM QRadar, Microsoft Sentinel, Elastic Security, Wazuh, ArcSight.
SOAR Platforms: Good command of at least one solution (Cortex XSOAR, Splunk SOAR, Tines, Shuffle or equivalent).
Analysis and Investigation: Threat hunting, network and endpoint forensics, log analysis, multi-source correlation.
EDR and Endpoint Security: Knowledge of EDR/XDR solutions (CrowdStrike, SentinelOne, Cortex XDR, Microsoft Defender).
Frameworks and Methodologies: MITRE ATT&CK, Cyber Kill Chain, Diamond Model, NIST CSF, ISO 27035.
Threat Intelligence: Integration and exploitation of CTI feeds, TIP platforms (MISP, OpenCTI).
Network and Perimeter Security: Solid understanding of firewalls, IPS, segmentation, and associated logs (Fortinet, Palo Alto, Check Point).
Cloud (secondary): Basic knowledge of security monitoring in Cloud environments (AWS GuardDuty, Azure Sentinel).
Automation and Scripting: Python, PowerShell, Bash, KQL/SPL/EQL queries.
Behavioral skills
• Leadership and proven ability to build and grow a team from scratch.
• Sense of customer service and ability to handle the commercial and contractual aspects of the SOC.
• Ability to balance strategic (architecture, vision) and operational (analysis, incident response) aspects.
• Executive communication and ability to lead service committees with high-level client representatives.
• Rigor, composure, and crisis management in major incident situations.
• Absolute discretion regarding client data and incidents.
• Proficiency in French and technical English.
TRAINING AND EXPERIENCE
Master's degree (Bac +5) in cybersecurity, IT, or equivalent engineering degree.
Appreciated Certifications
SOC and Defense: GIAC GCIH, GCIA, GCFA, GMON; EC-Council CSA (Certified SOC Analyst) or CTIA.
SIEM/SOAR: Splunk Core Certified Power User / Admin, Microsoft SC-200, Elastic Certified Analyst.
Cross-functional Cybersecurity: CISSP, CISM, ISO 27001 Lead Implementer.
Cloud (appreciated): AWS Security Specialty, Microsoft AZ-500.
Experience: Minimum 8 to 12 years of experience in cybersecurity, including at least 5 years in a SOC environment (L2/L3 analyst, lead analyst, or SOC Manager) at an MSSP, telecom operator, major bank, or large group. Experience with the startup or redesign of a SOC is highly appreciated.