Share this job offer

CSIRT Cyber Security Officer

Job description

As a CSIRT Cyber Security officer you will join the CISO S&S (Solutions and Services) team within the SNCB CISO organiszation (Cyber- and Information Security Office). You will contribute to the daily incident response activities including threat detection, incident handling, threat hunting as well as propose and execute improvement actions, interact with the staff of SNCB (including its affiliates) as well as with the security services providers.

Threat detection and hunting:

  • Analyze escalated incidents originating from a 3rd party SOC service 
  • Analyze alerts from custom built tools that monitor Active Directory, public exposure and the SNCB brand 
  • Analyze phishing emails reported to CSIRT
  • Perform threat hunting on collected data and contribute to the development of analytical rules and automation

Incident handling and response:

  • Respond adequately to cyber security incidents by working together with fellow CSIRT officers and any possible stakeholders
  • Analyze, isolate and remove threats in a timely fashion and also document their cases, create or improve standard operating procedures, playbooks and knowledgebase articles. CSIRT members are able to explain security threats to end-users as well as system, application and network administrators.

Vulnerability management:

  • Prepare and run the vulnerability scans on all assets, IT as well as OT
  • Interpret and aggregate the scanning results
  • Provide appropriate support to the risk and compliance teams and technical support to remediate the vulnerabilities with the help of the 3rd line cyber support team


  • Bachelor's degree or equivalent experience
  • 3 to 5 years of relevant experience in incident handling, vulnerability management
  • Competent to analyze processes and propose improvements
  • Solve technical incidents and work together with other technical profiles to address those problems as a team
  • Interested in Windows and Linux operating systems, networking and applications
  • Experience with security solutions like SIEM, VM, AV, IDS, EDR, …
  • Keyworks like social engineering, scraping, information disclosure, brand monitoring, darkweb, … are known to you
  • Understanding and an interest in different cyber attack techniques
  • Customer focus and able to handle in an organization-sensitive way
  • Record of responsibility
  • Spoken and written fluency in English, and Dutch or French; at least passive understanding of both Dutch and French