Security Monitoring & Response Analyst

Security Monitoring & Response Analyst (SIEM, EDR, DLP, SOC, CSIRT) – Banking – Brussels

Rate: 600 – 700 per day

Duration: 1year contract – Initally Remote Working – COVID19

Job description: Security Monitoring

Monitor SIEM, EDR, Data Analytics Platforms and DLP solutions for alerts triggered by pre-defined detection use cases;

• Investigate and qualify those alerts for further handling;
• Provide feedback to engineering team for fine-tuning of detection use cases;
• Develop runbooks for handling of security monitoring alerts.

Incident Response & Digital Forensics

• Drive the handling of security incidents by defining and assigning response actions to IT personnel and following-up on their execution;
• For severe incidents, steer and coordinate and ad hoc incident response team to contain, mitigate, eradicate and restore;
• Perform Digital Forensics on a wide range of asset, but particularly on Windows systems;
• Develop reaction plans for handling of security incidents.

Threat Hunting

Retroactively hunt for potential compromises and other security issues, based on new threat intelligence, gathered by our Threat Analysts.

Threat Collection and Analysis

• Routinely collect the cyber threat intelligence information using Group CTI platform.
• Execute threat analysis: Identify impacted assets, develop threat scenarios, define a ‘kill chain’, i.e. step-by-step analysis of the attack, prioritize threats.
• Identify existing or missing counter-measures (controls & reaction plans) i.e. mapping to bank specificity: enterprise architecture, vulnerability status, latest incidents.
• Operate and populate a threat knowledge management tool.
• Generate reports and share within the relevant parties in the bank.

Required knowledge / Experience

Experience:

• At least 3 years of experience in information security, preferably 5 years.

Technical Experience

Mandatory

• (demonstrate general knowledge of most of the following, with deep understanding in at least one or two areas)
• Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.);
• Experience with security incident management in a SOC or CSIRT environment;
• Experience with security monitoring or at least intrusion detection;
• At least basic knowledge of digital forensics practices for Windows systems.

Preferable

• Knowledge of various IDS/IPS, NetFlow, and protocol collection and analysis tools such as Snort, Suricata, Bro, Argus, SiLK, tcpdump, and WireShark;
• Knowledge of log aggregation, SIEM solutions and Digital Analytics Platforms such as QRadar, Splunk, ArcSight, ELK, etc…;
• Experience with programming and scripting languages: most notably Perl, Ruby, and Python;
• Experience with text manipulation tools, such as sed, awk and grep;
• Experience with penetration testing tools such as Metasploit, CORE Impact, or Kali Linux;
• Knowlegde of Web Application Security Development. (OWASP);
• Knowledge of popular cryptography algorithms and protocols: AES, RSA, MD5, SHA, Kerberos, SSL/TLS, Diffie Hellman;
• Knowledge of some NIDS/NIPS or HIDS/HIPS tools.

Soft skills

• Passion for Cyber Security;
• Team player;
• Self-starter, pro-active attitude;
• Good communicator;
• Good analytical skills;
• Autonomy, commitment and perseverance;
• Outstanding ability to work under stress in emergency situations;
• Attention to detail while seeing the bigger picture;
• Ability to learn on-the-job and knowledge sharing;
• Solid sense of integrity and identification with the mission;
• Desire for continuous improvement of the Cyber Defence capabilities.

Please do send across to me the most up to date copy of your CV to eobiechefu@welovesalt.com

This job ad was posted by Salt. To find out more about Salt’s Privacy Policy and how your application is processed, please visit our website https://welovesalt.com/privacy-policy/.