Job title: Cyber Defence Detection Use Case Testing & Adversary Simulation Expert
Location: Brussels, Belgium (Hybrid)
Duration: one year
Languages: French (C1), English (C1)
Job Description
Mission Context:
The COE (Centre of Expertise) Security department supports Information Technology and Business to enable sound and formal information security risk decision-making by bank management and helps with implementing a proper information security management system.
The purpose of the Cyber Defence team is to prepare for and respond to unauthorized cyber activity. This is done by providing the following services:
Proactive: Support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks where threat management ensures the collection, assessment, and sharing of threat information.
Reactive: Triggered by a request/incident/event identified by an intrusion detection system or reported by a human.
To support those services, the Client is looking for a Cyber Defence Detection Use Case Testing & Adversary Simulation Expert to perform the activities outlined below.
You will carry the following responsibilities:
Detection Use Case Testing:
- Provide assurance that Use Cases are detecting what they are built to detect.
- Focus on the missing detection of offensive actions for which there is, supposedly, detection logic in place.
- Plan and perform limited adversary simulation of identified missing detections.
- Track discovered vulnerabilities, triage remediation tasks, and assign to system owners.
- Work closely with the Red/Blue Team to test the efficacy of existing alerts and help create new detections.
Continuous Adversary Simulation:
- Execute threat analysis: Identify impacted assets, develop threat scenarios, define a 'kill chain' (step-by-step analysis of the attack), and prioritize threats.
- Identify existing or missing counter-measures (controls & reaction plans), i.e. map them to the bank's specifics: enterprise architecture, vulnerability status, latest incidents, and related opportunities for internal control improvement.
- Execute adversary simulation of attacks on identified missing counter-measures.
Technical Experience Required:
- Strong knowledge of IT security technology and processes (secure networking, web infrastructure, system security, perimeter protection, etc.)
- Experience with security incident management in SOC, CSIRT, or IT environments
- Experience with (security) logging, monitoring, or intrusion detection
- Experience in security testing of web applications, mobile applications, APIs, and cloud-hosted applications
- Experience with penetration testing tools such as Metasploit, CORE Impact, or Kali Linux
- Experience with programming and scripting languages, most notably Perl, Ruby, and Python
- Ability to write custom scripts to automate tasks related to finding new vulnerabilities
- Must demonstrate knowledge of MITRE's ATT&CK framework
- Knowledge of various IDS/IPS, NetFlow, and protocol collection and analysis tools such as Snort, Suricata, Bro, Argus, SiLK, tcpdump, and Wireshark
- Knowledge of log aggregation, SIEM solutions, and Digital Analytics Platforms such as Splunk, ELK, etc.
- Knowledge of Web Application Security Development (OWASP)
- Knowledge of popular cryptography algorithms and protocols: AES, RSA, MD5, SHA, Kerberos, SSL/TLS, Diffie-Hellman
- Knowledge of some NIDS/NIPS or HIDS/HIPS tools
Posted: Feb 05, 2025
Type: Full-time
Level: Mid-Senior
Location: Brussels
Company: OneSource Consulting