Position Title: Cybersecurity Consultant (Splunk)
Location: Brussels, Belgium
Duration: 6 months with possible extension
Languages: English
Work mode: Hybrid
Job Description:
* We are looking for people with Splunk experience.
* Candidates should have experience as a detection engineer or in creating detection rules, and should have worked in a SOC before.
* The Cyber Security Incident Response Team is a centralized security service, responsible for managing cyber security incidents within the Proximus Group.
* The team is responsible for delivering all relevant services to mitigate an incident as quickly and efficiently as possible and for keeping (higher) management updated on the progress.
* As a SIEM analyst in CSIRT, you are responsible for creating and improving monitoring use cases for the various log sources that are onboarded in the SIEM.
* A strong set of data analytics skills is required for this function.
* Your main objective is to come up with actionable use cases in a security monitoring context that improve the visibility of the environment.
Your role:
* You work actively together with the application and engineering teams on log ingestion tasks.
* You validate the content of the ingested logs in the SIEM.
* You actively collaborate with our Cyber Defense Center and threat intel team to create new monitoring use cases and improve existing ones.
* You represent CSIRT in meetings with application stakeholders to make sure the right logs are selected and obtained by CSIRT.
* You create dashboards and reports.
* You support the blue team in their response to red team exercises.
Your Profile:
* Bachelor’s degree in Computer Science/Information Security or equivalent combination of education and experience.
* You have in-depth knowledge of the security aspects of Windows, Linux, internet technology and network protocols.
* Prior experience with telecommunications environments and technologies is considered of high value.
* Experience with Splunk Enterprise Security is mandatory.
* You have knowledge of a query language (KQL, SPL, ...).
* Experience within a SOC environment is considered of high value.
* Experience with public cloud (Azure, GCP, AWS, ...) is considered of high value.