3D-ICT - CSIRT Officer SAP
Solliciteren
Plaats
Brussels1000
Brussel
België
Contract
Vooltijds, Onbepaalde duurDatum gepubliceerd
2025-11-08Online to:
2026-01-07EUR 15.00 HOUR
3D-ICT - CSIRT Officer SAP
Functie-eisen
As a CSIRT Officer, you will join the CISO Cybersecurity Center of Excellence team within the CISO organization. You will contribute to daily security incident preparation, detection, and response activities, including threat detection, incident handling, and threat hunting. You will also propose and execute improvement actions, and interact with internal staff and security service providers.
Key responsibilities
Incident handling and response: As a member of a dynamic CSIRT team, you will need to be able to respond adequately to cybersecurity incidents by working together with fellow CSIRT officers and any possible stakeholders. This includes:
Investigate and respond to level 3/4 security incidents, including malware infections, network intrusions, and data breaches
Conduct forensic investigations, coordination, and analysis of security incidents, regardless of IT, IoT, or OT origin
Work closely with other members of the SOC, CSIRT, and other teams within the organization to identify and mitigate security risks
Develop and implement incident response plans and procedures, and provide guidance to other members of the organization on security best practices
Communicate and report security incident progress to required internal and external stakeholders
Threat detection and hunting: As a CSIRT officer, you will also be responsible for threat detection and hunting. You will use your expertise in security operations to proactively identify threats and vulnerabilities within the organization's infrastructure with the help of the SIEM and custom detection tools. This will involve conducting regular threat hunting exercises to detect potential threats that may have evaded detection by traditional security measures. You will use a variety of tools and techniques to collect and analyze security data to identify anomalous behavior and potential indicators of compromise. Additionally, you will work closely with the 3rd party SOC team to investigate potential security incidents and provide guidance on threat remediation and mitigation strategies. You are able to read and understand logs (Windows, Linux, network, etc.) to analyze system artifacts for signs of compromise.
SIEM Engineering: You will play a critical role in ensuring the organization's security posture remains strong. You will develop, maintain, and optimize our SIEM systems to ensure timely detection and response to security incidents. This will involve creating and maintaining use cases and detection rules (based on the MITRE ATT&CK framework), as well as writing playbooks for the SOC team to ensure consistent and effective incident response. Additionally, you will automate the response to SIEM and EDR events as much as possible, allowing the SOC and the CSIRT to focus on the essentials.
Projects: Next to the core business of our team activities mentioned above, you will also contribute to different projects based on the needs of our team. This can include rolling out new products or platforms, maintaining them, and automating manual tasks with the help of scripts, etc.
Evaluation criteria
Strong analytical and problem-solving skills, with the ability to identify and respond to security incidents in a timely and effective manner
Strong knowledge of security technologies and tools, such as Sentinel SIEM, EDR, Defender, intrusion detection and prevention systems, Firewalls, etc.
Strong knowledge of Critical Infrastructure technologies and SAP tools
Strong understanding of networking protocols and technologies, as well as operating systems
Experience with security incident response tools and techniques, including forensics and/or malware analysis
Experience with threat hunting and the ability to identify and investigate suspicious activities on the network and systems
Experience with SOC engineering and identifying gaps in detection capabilities, as well as the ability to automate alert handling
Familiar with cloud security concepts
Passionate about security monitoring, digital forensics, incident response, and threat intelligence
Customer-focused and able to operate in an organization-sensitive manner
Conformity criteria
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience
At least 5-10 years of experience in a security-related role, with a focus on incident response and analysis
Relevant certifications such as GCIH, GCFE, GCFA, GNFA, GCIA, Grem, or similar are a plus
Spoken and written fluency in English
2 days mandatory on-site presence, one of which is Thursday
As a CSIRT Officer, you will join the CISO Cybersecurity Center of Excellence team within the CISO organization. You will contribute to daily security incident preparation, detection, and response activities, including threat detection, incident handling, and threat hunting. You will also propose and execute improvement actions, and interact with internal staff and security service providers.
Key responsibilities
Incident handling and response: As a member of a dynamic CSIRT team, you will need to be able to respond adequately to cybersecurity incidents by working together with fellow CSIRT officers and any possible stakeholders. This includes:
Investigate and respond to level 3/4 security incidents, including malware infections, network intrusions, and data breaches
Conduct forensic investigations, coordination, and analysis of security incidents, regardless of IT, IoT, or OT origin
Work closely with other members of the SOC, CSIRT, and other teams within the organization to identify and mitigate security risks
Develop and implement incident response plans and procedures, and provide guidance to other members of the organization on security best practices
Communicate and report security incident progress to required internal and external stakeholders
Threat detection and hunting: As a CSIRT officer, you will also be responsible for threat detection and hunting. You will use your expertise in security operations to proactively identify threats and vulnerabilities within the organization's infrastructure with the help of the SIEM and custom detection tools. This will involve conducting regular threat hunting exercises to detect potential threats that may have evaded detection by traditional security measures. You will use a variety of tools and techniques to collect and analyze security data to identify anomalous behavior and potential indicators of compromise. Additionally, you will work closely with the 3rd party SOC team to investigate potential security incidents and provide guidance on threat remediation and mitigation strategies. You are able to read and understand logs (Windows, Linux, network, etc.) to analyze system artifacts for signs of compromise.
SIEM Engineering: You will play a critical role in ensuring the organization's security posture remains strong. You will develop, maintain, and optimize our SIEM systems to ensure timely detection and response to security incidents. This will involve creating and maintaining use cases and detection rules (based on the MITRE ATT&CK framework), as well as writing playbooks for the SOC team to ensure consistent and effective incident response. Additionally, you will automate the response to SIEM and EDR events as much as possible, allowing the SOC and the CSIRT to focus on the essentials.
Projects: Next to the core business of our team activities mentioned above, you will also contribute to different projects based on the needs of our team. This can include rolling out new products or platforms, maintaining them, and automating manual tasks with the help of scripts, etc.
Evaluation criteria
Strong analytical and problem-solving skills, with the ability to identify and respond to security incidents in a timely and effective manner
Strong knowledge of security technologies and tools, such as Sentinel SIEM, EDR, Defender, intrusion detection and prevention systems, Firewalls, etc.
Strong knowledge of Critical Infrastructure technologies and SAP tools
Strong understanding of networking protocols and technologies, as well as operating systems
Experience with security incident response tools and techniques, including forensics and/or malware analysis
Experience with threat hunting and the ability to identify and investigate suspicious activities on the network and systems
Experience with SOC engineering and identifying gaps in detection capabilities, as well as the ability to automate alert handling
Familiar with cloud security concepts
Passionate about security monitoring, digital forensics, incident response, and threat intelligence
Customer-focused and able to operate in an organization-sensitive manner
Conformity criteria
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience
At least 5-10 years of experience in a security-related role, with a focus on incident response and analysis
Relevant certifications such as GCIH, GCFE, GCFA, GNFA, GCIA, Grem, or similar are a plus
Spoken and written fluency in English
2 days mandatory on-site presence, one of which is Thursday
Meer banen van je zoekopdracht
Recruitment Specialist Engineering
- Antwerpen
- 08 november 2025
Service Technieker
- Antwerpen
- 08 november 2025
Zelfstandige uitbater SB Veurne
- Veurne
- 08 november 2025
Technical Consultant
- Ghent
- 08 november 2025
Paralegal
- Ghent
- 08 november 2025
Boekhoud(st)er met ervaring in overheidsopdrachten
- Brussels
- 08 november 2025
Product engineer
- Lommel
- 08 november 2025
3D-ICT - CSIRT Officer SAP
- Brussels
- 08 november 2025
Full Stack Developer
- Brussels
- 08 november 2025
Network / Security Engineer
- Antwerpen
- 08 november 2025
Data Functional Analyst
- Brussels
- 08 november 2025
IT-Planet - MS Dynamics 365 Developer
- Antwerpen
- 08 november 2025
IAM Business Analyst
- Brussels
- 08 november 2025
Export bediende
- Machelen
- 04 november 2025
Tender Assistant
- Bruxelles
- 04 november 2025