As a CSIRT Officer you will join the CISO Cybersecurity Center of Excellence team within the NMBS CISO organization . You will contribute to the daily security incident preparation, detection and response activities including threat detection, incident handling, threat hunting as well as propose and execute improvement actions, interact with the staff of NMBS (including its affiliates) and the security services providers.
Incident handling and response
As member of a dynamic CSIRT team you will need to be able to respond adequately to cyber security incidents by working together with fellow CSIRT officers and any possible stakeholders.
This includes:
Threat detection and hunting
As the CSIRT officer, you will also be responsible for threat detection and hunting. You will use your expertise in security operations to proactively identify threats and vulnerabilities within the organization's infrastructure with the help of the SIEM and custom detection tools. This will involve conducting regular threat hunting exercises to detect potential threats that may have evaded detection by traditional security measures. You will use a variety of tools and techniques to collect and analyze security data to identify anomalous behavior and potential indicators of compromise. Additionally, you will work closely with the the 3rd party SOC team to investigate potential security incidents and provide guidance on threat remediation and mitigation strategies. You are able to read and understand logs (Windows, Linux, network , etc) to analyze system artifacts for signs of compromise.
SIEM Engineering
You will play a critical role to ensure the organization's security posture remains strong. You will develop, maintain, and optimize our SIEM systems to ensure timely detection and response to security incidents. This will involve creating and maintaining use cases and detection rules (based on the MITRE ATT&CK framework), as well as writing playbooks for the SOC team to ensure consistent and effective incident response. Additionally you will automate the response to SIEM and EDR events as much as possible, in order to allow the SOC and the CSIRT to focus on the essentials.
Projects
Next to the core business of our team activities mentioned above, you will also contribute in different projects based on the needs of our team. This can include rolling out a new products or platforms, maintaining it, automate manual tasks with the help of scripts, …
Skills:
Qualifications:
Our offer
Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a competitive salary, you will receive the following benefits:
Nog een vraag?
Contacteer onze HR Business partner
Katrien Vandeput
Neem contact op
Near Brussels Midi Station
IT Security
fulltime_permanent
Near Brussels Midi Station
IT Security
fulltime_permanent
Near Brussels Midi Station
IT Security
fulltime_permanent
Near Brussels Midi Station
IT Security
fulltime_permanent