CSIRT Analyst

Cyber Security is a hot topic for all companies and individuals in this fast-changing world. The broad range of potential impact (from personal to national) and creative exploits make the protection of the integrity, confidentiality and availability of data more and more challenging and resourceful.  By joining Cegeka Security Operations Center, you participate in all technical cyber security related activities, playing an active role in the long-term cyber security strategy in a team where technical knowledge, continuous improvement and self-development are part of the DNA. You will orchestrate the alignment of team members and key resources within the organization during security incidents in order to minimize impact and restore operations in the shortest time frame possible. Alongside your main area of expertise, your input in security monitoring will be highly valued by contributing to the team's development and to improving the customers' experience.  #LI-DM1

• Monitor security events received from customer’s monitored workloads and then take appropriate action based on customer scenario’s and action plans
• Review security alerts escalated by level 2 analysts
• Have a deep knowledge of all SIEM components and tooling, which you will use in your daily activities as an incident responder
• Get energy and satisfaction when analyzing security incidents and alerts. You enjoy getting to the bottom, finding a root cause and assisting customers with mitigation plans
• Are able to use and create threat intelligence and IOC’s in your daily activities
• Follow but also write and maintain incident response procedures, keeping the mission of improving continuously in mind and understanding the threat landscape changes every day
• Maintain the EDR products from a to z: you manage the policies as well as the detections and the response actions
• Support complex incidents with your knowledge of forensic analysis, on logs, memory and disk images
• Contribute to the continuous baselining of detection scenarios for the SOC’s customers, based on findings of incidents
• Perform active threat hunting, using insights, experience and threat actors to look for anomalies in logs and data
• Understand the necessity of a strong process - you contribute to the continuous improvement of every procedure and you support the adaption in other tools such as SOAR

• 3+ years professional experience as a Security Analyst
• Deep technical understanding of the concepts of security incident management, digital forensics, investigating complex security incidents
• Have a very solid knowledge of following technologies: SIEM (Splunk and Sentinel), Forensics toolkit and EDR (Microsoft, CrowdStrike)
• Having a solid basics of the three aspects that form the foundation of cyber security, so you can use them in your daily analytical tasks: Operating systems (Linux and Windows), Networking (firewalling, IDS/IPS, WAF) and scripting (Bash and Python)
• Display flexibility and eagerness to improve yourself every day, since being part of the CSIRT team requires that special focus and mindset
• Having very strong analytical skills to look for the hidden treasure in a security incident, to evaluate current threats, translate it towards actionable items towards Cegeka and its customers
• Creative and ambitious, so showing the ability to support the Cegeka Security Operations Centre to continuously improve and innovate
• English skills - Advanced level