The Cyber Defence team safeguards the organization from unauthorized cyber activity by delivering both proactive and reactive services. These include preparing systems against potential attacks through threat intelligence, securing environments in advance, and responding swiftly to security events detected either automatically or by human reporting. To strengthen these capabilities, our client is seeking an Incident Response Analyst to support incident handling, digital forensics, threat hunting, and threat analysis activities.
Drive the handling of security incidents by defining and assigning response actions and following up on their execution.
Coordinate ad hoc response teams during severe incidents to contain, mitigate, eradicate, and restore.
Perform Digital Forensics across various assets, particularly Windows systems.
Develop reaction plans and runbooks for security incident handling and monitoring alerts.
Conduct threat hunting activities based on new intelligence or incident-driven needs.
Collect cyber threat intelligence using the internal CTI platform.
Execute full threat analysis: identify impacted assets, build threat scenarios, develop kill chains, and prioritize threats.
Strong knowledge of IT security technologies and processes (secure networking, web infrastructure, system security, perimeter protection, etc.).
Experience with security incident management in SOC, CSIRT, or IT environments.
Experience with logging, monitoring, or intrusion detection.
Passion for Cyber Security.
Strong analytical skills and ability to work under pressure in emergency situations.
Excellent communication skills.
Autonomy, commitment, perseverance, and a solid sense of integrity.
Fluent spoken and written English; good spoken and written French.
Good understanding of Dutch (optional but valued).
Ability to see both the fine detail and the bigger picture.
Demonstrated ability to learn on the job and share knowledge.
Knowledge of IDS/IPS, NetFlow, and protocol analysis tools (Snort, Suricata, Bro, Argus, SiLK, tcpdump, Wireshark).
Experience with SIEM and log aggregation tools (QRadar, Splunk, ELK, etc.).
Experience with scripting or programming (Perl, Ruby, Python).
Familiarity with text manipulation tools (sed, awk, grep).