Subject Matter Expert Security
Job description
The purpose of the "Cyber Defence" team is to prepare for and respond to unauthorized cyber activity. This is done by providing the following services:
Proactive - support and intelligence to help prepare and secure bank systems in anticipation of cyber-attacks; threat management ensures the collection, assessment and sharing of threat information.
Reactive - triggered by a request, incident or event identified by an intrusion detection system or reported by a human.
To support those services, the Client is looking for an Incident Response Analyst to perform the activities outlined below.
Incident Response & Digital Forensics
· Drive the handling of security incidents by defining and assigning response actions to IT personnel and following up on their execution;
· For severe incidents, steer and coordinate an ad hoc incident response team to contain, mitigate, eradicate and restore;
· Perform digital forensics on a wide range of assets, but particularly on Windows systems;
· Develop reaction plans for the handling of security incidents;
· Develop runbooks for the handling of security monitoring alerts.
Threat Hunting
· Hunt for potential compromises and other security issues, based on new threat intelligence gathered by our Threat Analysts or requested ad hoc by incident response activity.
Threat Collection and Analysis
· Routinely collect cyber threat intelligence information using the Group CTI platform.
· Execute threat analysis: identify impacted assets, develop threat scenarios, define a "kill chain" (i.e. a step-by-step analysis of the attack) and prioritize threats.
Requirements
· Experience with Windows;
· Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, perimeter protection, security control point management, etc.);
· Experience with (security) incident management in a SOC, CSIRT or IT environment;
· Experience with (security) logging, monitoring or intrusion detection;
· Passion for Cyber Security;
· Team player;
· Self-starter, pro-active attitude;
· Good communicator;
· Good analytical skills;
· Autonomy, commitment and perseverance;
· Outstanding ability to work under stress in emergency situations;
· Attention to detail while seeing the bigger picture;
· Ability to learn on the job and to share knowledge;
· Solid sense of integrity and identification with the mission;
· Desire for continuous improvement of the Cyber Defence capabilities.
Language skills
You can express yourself fluently, both orally and in writing, in English; you also have good spoken and written skills in French and, optionally, Dutch.
Tools proficiency
· Knowledge of various IDS/IPS, NetFlow, and protocol collection and analysis tools such as Snort, Suricata, Bro, Argus, SiLK, tcpdump and Wireshark;
· Knowledge of log aggregation, SIEM solutions and digital analytics platforms such as QRadar, Splunk, ELK, etc.;
· Experience with programming and scripting languages, most notably Perl, Ruby and Python;
· Experience with text manipulation tools, such as sed, awk and grep.