We are a Belgian-based team with a strong network of consultants and companies active in various business sectors and facing the challenges of the digital transformation. The concept is very simple: once you enter the ecosystem, you can access our projects and let us make your life a lot easier.
The Global Security department supports Information Technology and Business Units in developing adequate solutions for Information Security and Risk Management practices. Its mission is to enable sound and formal information security risk decision-making by bank management, and to help implement a proper information security management system.
The Information Security Strategy of our organization commits to delivering on four objectives:
- Enable the extended enterprise;
- Counter cybercrime;
- Protect our information systems;
- Manage security risks.
Consequently, the vision of the "Global Security Cyber Defence" team is to support the Counter cybercrime objective through demonstrably "best in class" preparation for and response to unauthorized cyber activity. This is done by providing the following services. Proactive: support and intelligence to help prepare and secure bank systems in anticipation of cyber-attacks, where threat management ensures the collection, assessment and sharing of threat information. Reactive: triggered by a request, incident or event identified by an intrusion detection system or reported by a human. To support these services, our client is looking for a Security Monitoring & Response Analyst to perform security monitoring, incident response, digital forensics and threat hunting activities.
In the context of their information security strategy, our client is looking for a Security Monitoring & Response Analyst (Cyber Defence) to perform the following duties:
- Security Monitoring
  - Monitor SIEM, EDR, Data Analytics Platforms and DLP solutions for alerts triggered by pre-defined detection use cases;
  - Investigate and qualify those alerts for further handling;
  - Provide feedback to the engineering team for fine-tuning of detection use cases;
  - Develop runbooks for handling security monitoring alerts.
- Incident Response & Digital Forensics
  - Drive the handling of security incidents by defining and assigning response actions to IT personnel and following up on their execution;
  - For severe incidents, steer and coordinate an ad hoc incident response team to contain, mitigate, eradicate and restore;
  - Perform digital forensics on a wide range of assets, but particularly on Windows systems;
  - Develop reaction plans for handling security incidents.
- Threat Hunting
  - Retroactively hunt for potential compromises and other security issues based on new threat intelligence gathered by our Threat Analysts.
- Threat Collection & Analysis
  - Routinely collect cyber threat intelligence information using the Group CTI platform.
  - Execute threat analysis: identify impacted assets, develop threat scenarios, define a "kill chain" (i.e. a step-by-step analysis of the attack), and prioritize threats.
  - Identify existing or missing counter-measures (controls & reaction plans), i.e. map them to the bank's specifics: enterprise architecture, vulnerability status, latest incidents.
  - Operate and populate a threat knowledge management tool.
  - Generate reports and share them with the relevant parties in the bank.
Is this you?
- Bachelor/Master degree or equivalent by experience
- English: fluent spoken & written (mandatory)
- French: good spoken & written (preferable)
- Dutch: good spoken & written (preferable)
- At least 3 years of practical experience in information security, preferably 5 years.
- Mandatory: demonstrate general knowledge of most of the following, with deep understanding in at least one or two areas:
  - Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.);
  - Experience with security incident management in a SOC or CSIRT environment;
  - Experience with security monitoring or at least intrusion detection;
  - At least basic knowledge of digital forensics practices for Windows systems.
- Preferable: technical experience with
  - Various IDS/IPS, NetFlow, and protocol collection and analysis tools such as Snort, Suricata, Bro, Argus, SiLK, tcpdump, and Wireshark;
  - Log aggregation, SIEM solutions and data analytics platforms such as QRadar, Splunk, ArcSight, ELK, etc.;
  - Programming and scripting languages, most notably Perl, Ruby, and Python;
  - Text manipulation tools such as sed, awk and grep;
  - Penetration testing tools such as Metasploit, CORE Impact, or Kali Linux;
  - Web application security development (OWASP);
  - Popular cryptography algorithms and protocols: AES, RSA, MD5, SHA, Kerberos, SSL/TLS, Diffie-Hellman;
  - Some NIDS/NIPS or HIDS/HIPS tools.
How do we support you?
- We'll help and support you on the project.
- You'll benefit from our network and challenges.
- We offer the possibility to build a valuable and easy partnership.
- You'll have the possibility to be heard and to share your knowledge.
- You'll access missions that fit your current expertise, or you can challenge yourself to learn new things.
More projects on : https://afarax.be/jobs/type/freelance/