Cyber Security Specialist

Job Title: CSIRT Level 3 Specialist

Location: Benelux

Work Setting: Hybrid (Office-based with remote flexibility)

About the Team

Our Cybersecurity Incident Response Team (CSIRT) supports organizations across Belgium and Luxembourg by proactively managing and responding to cybersecurity threats. With extensive experience in incident handling and digital forensics, the team manages a broad range of cases each year—from malware outbreaks and ransomware attacks to advanced persistent threat (APT) investigations. Our focus is on balancing hands-on incident response with continuous research and improvement to ensure lasting resilience and team engagement.

Role Overview

As a Level 3 Incident Handler & Digital Forensic Investigator, you will play a critical role in managing complex cybersecurity incidents. You’ll lead forensic investigations, identify attacker behavior, provide guidance on mitigation strategies, and contribute to the development of detection capabilities and tools. The position combines technical expertise, client communication, and innovation.

Key Responsibilities

Advanced Incident Handling & Forensics

• Lead investigations into advanced cybersecurity incidents such as targeted attacks, data breaches, and ransomware infections
• Perform deep-dive host and network forensics using tools like Volatility, Log2Timeline, Wireshark, and Snort
• Analyze event logs, endpoint data, and network traffic to determine root cause and impact
• Define and execute containment and remediation strategies in collaboration with client teams

Threat Analysis & Detection Engineering

• Identify attacker TTPs (tactics, techniques, and procedures) to enhance threat detection and intelligence
• Create and refine detection use cases for integration into Security Operations Center (SOC) monitoring systems
• Participate in purple teaming efforts to validate and improve detection and response processes

Tool Development & Automation

• Develop internal tools to support forensic analysis and automate response workflows
• Contribute to scripts and utilities to increase the speed and efficiency of investigations

Client Advisory & Collaboration

• Act as a trusted advisor during critical incidents, guiding stakeholders through containment and recovery
• Deliver post-incident reports and recommend improvements in security posture
• Provide training and knowledge sharing sessions for client technical teams

Ongoing Development & Research

• Stay current with emerging threats, attack techniques, and cybersecurity technologies
• Contribute to internal documentation, playbooks, and best practices
• Support R&D initiatives to evolve CSIRT capabilities

Qualifications

Required

• Strong hands-on experience in incident response and digital forensics
• Deep knowledge of Windows and Unix/Linux operating systems
• Experience analyzing security logs, memory dumps, and network traffic
• Proficiency with forensic tools and frameworks (Volatility, Wireshark, Log2Timeline, Snort)
• Strong scripting skills, especially in Python 3
• Solid understanding of threat intelligence and attacker methodologies
• Excellent problem-solving skills and ability to manage high-pressure situations
• Effective communication skills and ability to deliver technical findings clearly
• Fluency in English (B2 or above)

Preferred

• Relevant certifications such as GCIH, GREM, GCFA, GNFA, or similar
• Knowledge of OT/SCADA environments, macOS systems, or cloud platforms
• Programming experience in languages like C, C++, Assembly, or .NET
• Fluency in Dutch or French is a plus

for more information and to apply contact me at [email protected]