The incident response engineer plays a pivotal role in ensuring the EU environment is sufficiently prepared to prevent, detect and contain security incidents. The engineer is a technical profile who responds to security incidents with the appropriate actions, in line with our standards and using our existing toolset. The engineer ensures a timely, effective and efficient response and reports the results of the investigation to the regional incident management lead.
Be a core member of the security incident management team, responsible for the EU region. The role is two-fold:
(Technical - research, design and implement) - As part of the global IM team, further develop the global technical IM tools and processes end-to-end, in terms of scalability and automation, for better detection and a quicker and more effective response.
(Manage - investigate, identify and delegate) - Take full ownership of security issues occurring within the EU region. Ensure a clear understanding of the issues and a timely response by delegating tasks appropriately and following up with the various sites and IS teams within the EU.
Minimum 4 years of background in technical information security and incident response (advanced anti-malware technologies and techniques, outbound web gateways, SIEM), ideally in a SOC environment
Strong system engineering background, minimum 5 years (primarily WINTEL server and client, plus Linux)
Technical service desk support background (understands common IT issues and how to resolve them)
Minimum 5 years in security operations, or IT operations with strong emphasis on system security (client, server, access control, system hardening)
Minimum 3 years in security operations, or IT operations with good exposure to non-system specific technical information security controls (network, web, email filtering,…)
Well experienced in managing (advanced) endpoint protection technologies: anti-malware, HIPS, application whitelisting, privilege management
Has worked in a role with a requirement to be regularly on duty / on call, handling different ticket priority levels and their associated response times
Good exposure to relational databases (able to write SQL; handle MySQL, SQL Server, Postgres) is a plus
Experienced in scripting languages and regex (Python, Bash, Perl, …) and in system and web interfacing (use of REST/SOAP APIs, SDKs) to automate IT/security services
Experienced in log management and log correlation (primarily Splunk, syslog, Graylog)
Has a good understanding of security incident response (PICERL) and forensics principles (triage, memory acquisition, disk acquisition), why they are required and how they are generally implemented at system level. Proven experience applying these procedures on servers or desktops/laptops in previous engagements is a plus
Exposure to handling forensics evidence: collecting evidence (hard disk forensics images), ensuring integrity of evidence.
Good understanding of network concepts: routing, switching, transport- and application-layer protocols
Good understanding of web security concepts and technologies: common/modern attack vectors, HTML/HTTP, server vs. client technologies
Creative, dynamic, open-minded, proactive and enthusiastic
Able to manage their own working day in an environment with a lot of freedom
Result-focused, able to work under pressure
Good interpersonal skills and common sense approach
Willing and able to take the lead and to delegate tasks where necessary
Follows up on dependencies on other sites and departments and applies pressure where necessary to achieve the goal
Fluent in English
If you are interested in this opportunity, please leave your CV and I will contact you.
Riwanna van der Galiën
Candidate Relations Consultant in IT Contracting