Description
Cyber Defence - Security Monitoring & Incident Response Expert
Tier 1 - Security Monitoring
- Alert monitoring to detect potentially malicious or anomalous activity based on event data (log files and data outputs) from a wide range of IT systems and network components (see Miscellaneous).
- Alert, performance and threshold tuning and analysis across the tool sets, based on traffic patterns and other data.
- Develop & maintain monitoring and reporting dashboards.
- Produce and review periodic metrics with regards to security monitoring.
Tier 2 - Alert Qualification
- Investigate security alerts leveraging a wide range of IT systems and network components (see Miscellaneous), as well as threat intelligence to qualify potential incidents.
- Escalate confirmed incidents to the incident responder on duty.
- Develop & maintain automation scripts and tools.
- Provide feedback to Security Monitoring/Engineering to improve detection and protection controls.
Tier 3 - Incident Response
- While on duty as incident responder (on call 24/7, one week out of six) you will respond to escalated security alerts/incidents.
- Perform and/or facilitate digital forensics on workstations, servers, network components, mobile devices and applications.
- Develop and maintain incident response plan and procedures.
- Test the Incident Response capability through regular exercises.
- Proactively look for potential incidents through threat hunting activities.
Miscellaneous
- Stay up-to-date with trends in the information security community including new vulnerabilities, methodologies and products.
- Leverage a wide range of IT systems and network components: IDS/IPS, Firewalls, Web Access Security, SIEM, EDR and DLP systems, Honeypots and other sources.
Education
Bachelor/Master or equivalent by experience
Languages
Requirements:
- French: good speaking and writing, or
- Dutch: good speaking and writing, and
- English: fluent speaking and writing
Required knowledge/Experience
Experience
3+ years of experience in information security.
Technical Experience
Mandatory
(demonstrate general knowledge of most of the following, with deep understanding in at least one or two areas)
- Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, Linux, etc.).
- Knowledge of the key protocols and services throughout the seven layers of the OSI model (IP, ICMP, TCP, UDP, Telnet, SSH, SMTP, POP3, HTTP(S), FTP, DNS).
- Familiarity with common cyber threat modus operandi, tools and techniques (TTP: tactics, techniques and procedures).
- Familiarity with deterministic detection schemes and the use of observables (IOC: indicators of compromise).
Preferable
- Past experience in an incident response context.
- Knowledge of various IDS/IPS, NetFlow, and protocol collection and analysis tools such as Snort, Suricata, Bro, Argus, SiLK, tcpdump and Wireshark.
- Knowledge of log aggregation, SIEM solutions and search and analytics engines such as QRadar, Splunk, ArcSight and ELK.
- Experience with programming and scripting languages, most notably Perl, Ruby and Python.
- Experience with text manipulation tools such as sed, awk and grep.
- Experience with penetration testing tools such as Metasploit, CORE Impact or Kali Linux.
- Web application security development (OWASP).
- Knowledge of popular cryptography algorithms and protocols: AES, RSA, MD5, SHA, Kerberos, SSL/TLS, Diffie-Hellman.
- Knowledge of some NIDS/NIPS or HIDS/HIPS tools.
- Knowledge of media forensics and analysis tools.
- Knowledge of automation of data interfacing and machine to machine communication.
If you are interested, please send your CV to (see below) (French- or Dutch-speaking candidates only).