Do you have a passion for Cyber Security, especially advanced Managed Detection & Response (MDR)? Does Incident Response, Digital Forensics, Threat Hunting, Threat Intelligence and everything related to Cyber Security feel like second nature to you? Are you a Cyber Defender at heart, driven to strengthen the blue team and help organizations that are under attack? If you answered yes to all of these questions, you might be the perfect fit for our CSIRT Analyst role!
- You handle security alerts/incidents that have been escalated by the SOC Analysts (Tier 2)
- You will handle security alerts and incidents together with your team
- You conduct DFIR assignments, including DFIR readiness assessments
- You participate in the weekly Threat Hunting duty to proactively chase threats through novel Tools, Techniques & Procedures (TTPs)
- You will perform compromise assessments to identify potential compromises and their scope
- You collect Threat Intelligence (IOCs and TTPs)
- You will contribute to Detection Engineering in SIEM, xDR.
- Together with the Red Team you will do Purple Teaming exercises to test and improve defenses
- You contribute to the creation of playbooks in SOAR
- You will co-write processes and procedures related to DFIR, Threat Intelligence, Threat Hunting.
- You will be part of our Incident Response on call service.
What you need to succeed: - At least 3-5 years of experience in a similar position.
- Significant hands-on experience in disk, memory and log acquisition in a forensically sound manner, parsing and deep forensic analysis of extracted artifacts and professional post-incident report writing
- A bachelor or master degree or equivalent through experience.
- A hands-on and proactive mindset with a 'can do' mentality.
- Experience and/or interest in working with the following MDR tools: EDR (CrowdStrike Falcon, MS Defender for Endpoint, Sentinel One, ...), NDR (Vectra, Darktrace, ...), xDR (CrowdStrike Identity Protection, MS Defender for Office/Clouds Apps/Identity/...).
- Knowledge of Security Monitoring with SIEM technologies.
- A passion about the following security capabilities: Security Monitoring, Digital Forensics, Incident Response, Threat Intelligence, Threat Hunting.
