Job Title: Cyber security Consultant (Splunk)
Location: Brussels, Belgium
Language: English
Duration: ASAP-6 Months with Possible Extension
Work Mode: Hybrid
Work Regime: Full time
JOB DESCRIPTION
We are looking for people with Splunk experience.
Candidates should have experience as a detection engineer or with creating detection rules, and should have worked in a SOC before.
Job title: Data Cyber Security Consultant
Role Description:
* The Cyber Security Incident Response Team is a centralized security service, responsible for managing cyber security incidents within the client Group.
* The team is responsible for delivering all relevant services to mitigate an incident as quickly and efficiently as possible and to keep (higher) management updated on the progress.
* As a SIEM analyst in CSIRT you are responsible for creating and improving monitoring use cases for the various log sources that are onboarded in the SIEM.
* A strong set of data analytics skills is required for this function.
* Your main objective is to come up with actionable use cases in a security monitoring context that improve the visibility of the environment.
Your role:
* You work actively together with the application and engineering teams on log ingestion tasks.
* You validate the content of the ingested logs at the SIEM.
* You actively collaborate with our Cyber Defense Center and Threat Intel team to create new monitoring use cases and improve existing ones.
* You represent CSIRT in meetings with application stakeholders to make sure the right logs are selected and obtained by CSIRT.
* You create dashboards and reports.
* You support the blue team in their response to red team exercises.
Your Profile:
* Bachelor’s degree in Computer Science/Information Security or equivalent combination of education and experience.
* You have in-depth knowledge of the security aspects of Windows, Linux, internet technology and network protocols.
* Similar experience within a telecommunications environment and technologies is considered of high value.
* Experience with Splunk Enterprise Security is mandatory.
* You have knowledge of a query language (KQL, SPL...).
* Experience within a SOC environment is considered of high value.
* Experience with public cloud (Azure, GCP, AWS...) is considered of high value.