Job Title: Cyber Security Incident Responder

Job Type: Contract

Job Location: Brussels onsite (no remote)

Contract Rate: Euro's 700 per day

CLIENT REQUIRES EU CITIZENS

• Development and maintenance of XSOAR playbooks, integrations, and automations to streamline alert triage, case enrichment, and cross-platform coordination (e.g., Splunk, AWS, Azure Sentinel, Carbon Black Cloud, Sysdig).
• Coordinate and review of playbook updates, incident reports, and cross-team coordination to ensure accuracy, compliance.
• Report of key performance metrics (e.g., FP/TP rate, MTTH, escalation rate) and playbook performance (automation coverage, time saved, error reduction).
• Assist with training other analysts in playbook usage, incident response methodology, and maintaining documentation in the customer’s knowledge base.
• Interact with CSIRC, CATCH analysts, infrastructure teams, and relevant external stakeholders to validate playbook coverage, share threat intelligence, and ensure service alignment with customer priorities.

Specific knowledge skills and expertise

• Very good knowledge of incident response methodologies, XSOAR playbook development, and automation logic for cross-platform integration (e.g., Splunk, AWS, Azure Sentinel, Carbon Black Cloud,).
• Strong experience in handling cybersecurity incidents end-to-end, including triage, escalation, containment, and resolution in large-scale or multinational environments.
• Ability to cope with fast changing technologies used in modern SOC environments, particularly cloud-native services (AWS, Azure), EDR solutions (Defender, Carbon Black Cloud), SIEM/SOAR platforms, and container security (Sysdig).
• Certification or proven practical experience in relevant technologies such as Palo Alto Cortex XSOAR, Splunk, Microsoft Security (SC-200), AWS Security Specialty, Azure Security Engineer.