CSIRT Officer

Job Location: Belgium
Job Category: Cybersecurity
Job Type: Full Time

As a Cyber Security Incident Response Team Officer, you will join the CISO Solutions and Services team
within the NMBS CISO organization (Cyber- and Information Security Office). You will contribute to
the daily incident detection and response activities including SOC engineering, threat detection,
incident handling, and threat hunting.


Incident handling

As a member of the dynamic CSIRT team, you will need to be able to respond adequately to cyber
security incidents by working together with fellow CSIRT officers and any possible stakeholders (such
as staff of NMBS, security services providers).
This includes:

  • Investigate and respond to security incidents, including malware infections, network
    intrusions and data breaches
  • Conduct forensic investigations and analysis of security incidents, including analysis of
    phishing emails and security alerts (SIEM, EDR, etc.)
  • Work closely with other teams within the organization to identify and mitigate security risks
  • Develop and implement incident response procedures and provide guidance to other
    members of the organization on security best practices

SOC Engineering

  • You will play a critical role in ensuring the organization’s security posture remains strong
  • You will develop, maintain, and optimize our SIEM and EDR systems to ensure timely detection
    and response to security incidents. This will involve creating and maintaining use cases and
    detection rules (based on the MITRE ATT&CK framework), as well as writing playbooks for the
    SOC team to ensure a consistent and effective incident response.
  • Additionally, you will automate the response to SIEM and EDR events as much as possible, in
    order to allow the SOC and the CSIRT to focus on the essentials.

Threat detection and hunting

  • As the CSIRT officer, you will also be responsible for threat detection and hunting.
  • You will use your expertise in security operations to proactively identify threats and
    vulnerabilities within the organization’s infrastructure with the help of the SIEM and custom
    detection tools. This will involve conducting regular threat-hunting exercises to detect
    potential threats that may have evaded detection by traditional security measures.
  • You will use a variety of tools and techniques to collect and analyze security data to identify
    anomalous behavior and potential indicators of compromise.
  • Additionally, you will work closely with the 3rd party SOC team to investigate potential
    security incidents and provide guidance on threat remediation and mitigation strategies.
  • You are able to read and understand logs (Windows, Linux, network, etc) and to analyze
    system artifacts for signs of compromise.

Technical skills:

  • Strong analytical and problem-solving skills, with the ability to identify and respond to security
    incidents in a timely and effective manner
  • Strong knowledge of security technologies and tools, such as SIEM, EDR, intrusion detection
    and prevention, firewalls, …
  • Strong understanding of networking protocols and technologies, as well as operating systems
  • Experience with security incident response tools and techniques, including forensics and/or
    malware analysis
  • Experience with threat hunting and the ability to identify and investigate suspicious activities
    on the network and systems
  • Experience with SOC Engineering and identifying gaps in our detection capabilities, as well as
    the ability to automate alert handling
  • Experience with one or more scripting languages: Python, Bash, PowerShell
  • Experience with query languages (Kusto Query Language, SPL, etc)
  • Experience with the administration of Linux systems
  • Familiar with cloud security concepts

Soft skills:

  • Passionate about security monitoring, digital forensics, incident response, threat intelligence
  • Customer-focused and able to act in an organization-sensitive way
  • Spoken and written fluency in English
  • Spoken and written fluency in Dutch and/or French is a plus
  • Bachelor’s degree in Computer Science, Information Security, related field or equivalent
  • At least 3-5 years of experience in a security-related role, with a focus on incident response
    and analysis
  • Relevant certifications, such as the GCIH, GCFE, GCFA, GNFA, GCIA, GREM or similar are a plus