As a CSIRT Cyber Security officer you will join the CISO Solutions and Services team within the NMBS CISO organization (Cyber- and Information Security Office). You will contribute to the daily incident response activities including threat detection, incident handling, threat hunting as well as propose and execute improvement actions, interact with the staff of NMBS (including its affiliates) and the security services providers.

Incident handling and response

As member of a dynamic CSIRT team you will need to be able to respond adequately to cyber security incidents by working together with fellow CSIRT officers and any possible stakeholders. CSIRT members analyze, isolate and remove threats in a timely fashion and document their cases, create or improve standard operating procedures, playbooks and knowledgebase articles. CSIRT members are able to explain security threats to end-users as well as system, application and network administrators.

Threat detection and hunting

As a CSIRT professional you will be analyzing escalated incidents originating from a 3rd party SOC service and analyze alerts from custom built tools that monitor Active Directory, public exposure and the SNCB brand and analysis of phishing emails reported to CSIRT. You will also perform threat hunting on collected data and contribute to the development of analytical rules and automation.

Vulnerability management

As a CSIRT officer you will collect the vulnerabilities on all NMBS assets, IT as well as OT, interpret and aggregate the results. You provide appropriate support to the risk and compliance teams and technical support to remediate the vulnerabilities with the help of the cyber support team.


  • Bachelor's degree or equivalent experience
  • 3 to 5 years of relevant experience in incident handling, vulnerability management
  • Spoken and written fluency in English and Dutch and/or English and French
  • Competent to analyse processes and propose improvements
  • Interested in Windows and Linux operating systems, networking and applications
  • Experience with security solutions like SIEM, VM, AV, IDS, EDR, …
  • Keyworks like social engineering, scraping, information disclosure, brand monitoring, darkweb, … are known to you
  • Understanding and an interest in different cyber-attack techniques
  • Customer focus and able to handle in an organization-sensitive way
  • Record of responsibility

Our offer

Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a market-related salary, you have:

  • the possibility to work remotely for up to three days per week + flexible working hours;
  • 35 days of leave;
  • a company car + a public transport pass;
  • a target bonus;
  • a hospitalisation insurance (including dental care) for the entire family, a group insurance and a disability insurance (cafeteria plan), without own contribution;
  • meal cheques and eco-vouchers;
  • net allowances for remote working and carwash + internet budget.
Apply for this job
Apply for this job
Location icon


Department icon

IT Security

Contract type icon


Share this vacancy


3 reasons to choose Ypto 

Icoon uitdagingen: bergtop

Challenging projects

At Ypto, you never stand still. Every day is different and offers the opportunity to be challenged to innovate in order to find the best solution for our customer.

Maatschappelijke impact icoon

Social impact

Through your work, you contribute to the future of Belgian railways and have a tangible impact on millions of people.

Doorgroeimogelijkheden icoon

Growth opportunities

Initiative, trust and self-management are key. You will have the support of your colleagues to develop and the opportunity to grow.

Application procedure

Did you apply for a position at Ypto? Or are you curious about how our application procedure works? We follow the four steps below each time. Depending on the position, an additional interview or assessment may be required.


CV screening

We take a close look at your CV and check whether it matches the profile you are looking for. We may call you briefly to ask about your motivation and experience.


Interviews and questionnaire

If the outcome of this screening is positive, you are invited to a (video) interview with your direct supervisor and your HR Business Partner. During these interviews, we discuss your motivation, knowledge, experience and skills as well as the content of the job. We also talk about the online questionnaire you filled in prior to the interview.


Reference analysis

Finally, we contact the references you will have provided. This way, we can make you out better.


We have a match: welcome to Ypto

Have you been selected? If so, we will be happy to draw up an attractive proposal and welcome you to our organisation.

Spontaneous application

Would you like to work with us on the future of SNCB but cannot immediately find the right vacancy? Then feel free to submit a spontaneous application. Who knows, you might soon be part of our team!