As a CSIRT Officer you will join the CISO Cybersecurity Center of Excellence team within the NMBS CISO organization. You will contribute to the daily security incident preparation, detection and response activities, including threat detection, incident handling and threat hunting; propose and execute improvement actions; and interact with the staff of NMBS (including its affiliates) and with the security service providers.


Incident handling and response

As a member of a dynamic CSIRT team you will need to respond adequately to cyber security incidents, working together with fellow CSIRT officers and all relevant stakeholders.

This includes:

  • Investigate and respond to level 3/4 security incidents, including malware infections, network intrusions and data breaches
  • Conduct forensic investigations and coordinate and analyze security incidents, regardless of whether they originate in IT, IoT or OT
  • Work closely with other members of the SOC and CSIRT, and with other teams within the organization, to identify and mitigate security risks
  • Develop and implement incident response plans and procedures, and provide guidance to other members of the organization on security best practices
  • Communicate and report security incident progress to the required internal and external stakeholders

Threat detection and hunting

As a CSIRT officer, you will also be responsible for threat detection and hunting. You will use your expertise in security operations to proactively identify threats and vulnerabilities within the organization's infrastructure with the help of the SIEM and custom detection tools. This involves conducting regular threat hunting exercises to find potential threats that have evaded traditional security controls. You will use a variety of tools and techniques to collect and analyze security data in order to identify anomalous behavior and potential indicators of compromise. Additionally, you will work closely with the third-party SOC team to investigate potential security incidents and provide guidance on threat remediation and mitigation strategies. You are able to read and understand logs (Windows, Linux, network, etc.) and to analyze system artifacts for signs of compromise.


SIEM Engineering

You will play a critical role in keeping the organization's security posture strong. You will develop, maintain and optimize our SIEM systems to ensure timely detection of and response to security incidents. This involves creating and maintaining use cases and detection rules (mapped to the MITRE ATT&CK framework), as well as writing playbooks for the SOC team to ensure consistent and effective incident response. Additionally, you will automate the response to SIEM and EDR events as much as possible, so that the SOC and the CSIRT can focus on the essentials.


Projects

Next to the core activities of our team described above, you will also contribute to different projects based on the needs of the team. This can include rolling out new products or platforms, maintaining them, automating manual tasks with scripts, …

Requirements

Skills:

  • Strong analytical and problem-solving skills, with the ability to identify and respond to security incidents in a timely and effective manner
  • Strong knowledge of security technologies and tools, such as SIEM, EDR, intrusion detection and prevention, firewalls, …
  • Strong understanding of networking protocols and technologies, as well as operating systems
  • Experience with security incident response tools and techniques, including forensics and/or malware analysis
  • Experience with threat hunting and the ability to identify and investigate suspicious activities on the network and systems
  • Experience with SOC Engineering and identifying gaps in our detection capabilities, as well as the ability to automate alert handling
  • Experience with one or more scripting languages: Python, Bash, PowerShell
  • Experience with query languages (Kusto Query Language, SPL, etc.)
  • Experience with the administration of Linux systems
  • Familiar with cloud security concepts
  • Passionate about security monitoring, digital forensics, incident response, threat intelligence
  • Spoken and written fluency in Dutch or French
  • Spoken and written fluency in English
  • Customer focus and the ability to act in an organization-sensitive way

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, related field or equivalent experience
  • At least 3-5 years of experience in a security-related role, with a focus on incident response and analysis
  • Relevant certifications, such as the GCIH, GCFE, GCFA, GNFA, GCIA, GREM or similar are a plus


Our offer

Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a competitive salary, you will receive the following benefits:

  • the possibility to work remotely and flexible working hours;
  • 35 days of leave;
  • a company car and a public transport season ticket;
  • a target bonus;
  • a comprehensive insurance package (affiliation without own contribution, excl. outpatient costs for family members);
    • hospitalisation and dental care for the whole family;
    • outpatient costs (= medical costs separate from hospitalisation);
    • group insurance: supplementary pension, work disability and death (cafeteria plan);
    • accidents at work (extralegal);
  • meal vouchers and eco-vouchers;
  • net allowances for remote working and car wash, plus an internet budget.
Location

Near Brussels Midi Station

Department

IT Security

Contract type

fulltime_permanent

Any other questions?
Please contact our HR Business Partner

Katrien Vandeput

3 reasons to choose Ypto

Stimulating projects

At Ypto, nobody sits twiddling their thumbs. Every day is different and offers the opportunity to take on challenges and innovate in order to find the best solution for our customer.

Social impact

Through your work, you contribute to the future of the Belgian railways and have a tangible effect on millions of people.

Growth opportunities

Initiative, trust and self-management are at the heart of what we do. You will be supported by your colleagues in your development and will have the opportunity to grow.

Selection procedure

Have you applied for a job at Ypto? Or are you wondering how our selection procedure works? The four steps below are always followed. Depending on the position, an additional interview or assessment may be required.

1

CV screening

We carefully review your CV and check whether it matches the profile we are looking for. We may give you a brief phone call to ask about your motivation and experience.

2

Interviews and questionnaire

If the outcome of this screening is positive, you will be invited to a (video) interview with your direct manager and your HR Business Partner. During these interviews we discuss your motivation, knowledge, experience, skills and the content of the role. We also discuss the online questionnaire you will have completed before the interview.

3

Reference check

Finally, we contact the people you listed as references. This lets us get an even better picture of your application.

4

You made it: welcome to Ypto!

Have you been selected? If so, we will be happy to draw up an attractive proposal and welcome you into our organization.

Spontaneous application

Would you like to work with us to build the future of SNCB but can't find the right job opening? Feel free to send us a spontaneous application. Who knows, you may soon be joining our team!