Cyber Defence – Security Monitoring & Response Analyst

Job description

Security monitoring

  • Monitor SIEM, EDR, Data Analytics Platforms and DLP solutions for alerts triggered by pre-defined detection use cases;
  • Investigate and qualify those alerts for further handling;
  • Provide feedback to the engineering team for fine-tuning of detection use cases;
  • Develop runbooks for handling of security monitoring alerts.

___

Incident Response & Digital Forensics

  • Drive the handling of security incidents by defining and assigning response actions to IT personnel and following up on their execution;
  • For severe incidents, steer and coordinate an ad hoc incident response team to contain, mitigate, eradicate and restore;
  • Perform digital forensics on a wide range of assets, but particularly on Windows systems;
  • Develop reaction plans for handling of security incidents.

___

Threat Hunting

  • Retroactively hunt for potential compromises and other security issues, based on new threat intelligence gathered by our Threat Analysts.

___

Threat Collection and Analysis

  • Routinely collect cyber threat intelligence information using the Group CTI platform.
  • Execute threat analysis: identify impacted assets, develop threat scenarios, define a ‘kill chain’ (a step-by-step analysis of the attack), and prioritize threats.
  • Identify existing or missing counter-measures (controls & reaction plans), i.e. map threats to the bank's specifics: enterprise architecture, vulnerability status, latest incidents.
  • Operate and populate a threat knowledge management tool.
  • Generate reports and share them with the relevant parties in the bank.

Languages

  • French: good spoken & written
  • Dutch: good spoken & written
  • English: fluent spoken & written (mandatory)

___

Technical Experience

Mandatory:

  • Good knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.)

  • Experience with reviewing alerts to determine relevancy and urgency by correlating different events and sources

  • Experience with detection and mitigation of phishing attacks

  • Experience managing incidents via ticketing systems such as HPSM and Service Now

  • Ability to clearly write documentation, procedures and knowledgebase articles

  • Experience with Use Case Development and Runbook creation

  • Familiar with networking concepts, configuration and components

  • Comfortable working in Windows and Linux based systems

___

Preferable

  • Hands-on malware analysis skills

  • Knowledge of digital forensics practices for Windows systems

  • Experience with security incident management as a SPOC in a SOC or CSIRT environment, coordinating incidents towards technical and management teams

  • Knowledge of various IDS/IPS such as Cisco Sourcefire and Palo Alto

  • Knowledge of log aggregation, SIEM solutions and Digital Analytics Platforms such as Splunk, ArcSight, ELK

  • Experience working with EDR solutions like Tanium and McAfee

  • Experience with DDoS solutions and services such as Akamai and F5 WAF based application protections

  • Practical experience with Threat Hunting

  • Basic knowledge of Threat Modelling

  • Ability to interpret and analyse Threat Intelligence information and make it actionable via a CTI platform

  • Experience with DLP solutions like Symantec DLP

  • Knowledgeable about SOAR and automation techniques with Demisto or Cortex XSOAR

  • Basic Reverse Engineering skills

Others:

  • Rate: 650 € per day
  • Work location: Brussels
  • Date published: 27 Sep 2021
  • Respond until: 30 Oct 2021