Cronos Europa

Cybersecurity - Incident Responder

Belgium · Full-time · Associate

We are currently looking for a Cybersecurity Incident Responder to strengthen the Cronos Europa team. The position is based in Brussels.


Responsibilities

  • Defining incident handling procedures, automation requirements, and playbook logic in alignment with structure and operational needs.
  • Preparation of incident response workflows, automated enrichment steps, and technical documentation to ensure standardized handling across recurring alert types.
  • Handling of cybersecurity incidents and escalations, ensuring containment and resolution actions are consistently applied.
  • Development and maintenance of XSOAR playbooks, integrations, and automations to streamline alert triage, case enrichment, and cross platform coordination (e.g., Splunk, AWS, Azure Sentinel, Carbon Black Cloud, Sysdig).
  • Coordination and review of playbook updates, incident reports, and cross team coordination to ensure accuracy and compliance.
  • Reporting of key performance metrics (e.g., FP/TP rate, MTTH, escalation rate) and playbook performance (automation coverage, time saved, error reduction).
  • Assistance with training other analysts in playbook usage, incident response methodology, and maintaining documentation in the structure's knowledge base.
  • Interaction with CSIRC, CATCH analysts, infrastructure teams, and relevant external stakeholders to validate playbook coverage, share threat intelligence, and ensure service alignment with the structure priorities.


Profile

  • Very good knowledge of incident response methodologies, XSOAR playbook development, and automation logic for cross platform integration (e.g., Splunk, AWS, Azure Sentinel, Carbon Black Cloud).
  • Strong experience in handling cybersecurity incidents end to end, including triage, escalation, containment, and resolution in large scale or multinational environments.
  • Ability to design, implement, and adapt incident workflows and automated enrichment steps quickly and efficiently, ensuring operational consistency across recurring alert types. Ability to develop in Python.
  • Ability to give business and technical presentations on incident trends, automation performance, and security operations improvements to both technical and non technical stakeholders.
  • Ability to apply high quality standards in incident documentation, KPI reporting, and compliance with structure security frameworks and regulatory requirements.
  • Ability to cope with fast changing technologies used in modern SOC environments, particularly cloud native services (AWS, Azure), EDR solutions (Defender, Carbon Black Cloud), SIEM/SOAR platforms, and container security (Sysdig).
  • Very good communication skills with technical and non technical audiences, ensuring accurate translation of technical findings into actionable business context.
  • Analysis and problem solving skills to identify root causes, propose automation improvements, and optimize alert handling workflows for efficiency and precision.
  • Capability to write clear and structured technical documents, including playbook documentation, incident reports, and operational procedures for the structure knowledge base.
  • Ability to participate in technical meetings and good communication skills, ensuring effective coordination with cyber security analysts, infrastructure teams, and external stakeholders.
  • Certification or proven practical experience in relevant technologies such as Palo Alto Cortex XSOAR, Splunk, Microsoft Security (SC 200), AWS Security Specialty, Azure Security Engineer.


Why Cronos Group?

We offer you:

  • An attractive salary package
  • A good work-life balance environment
  • The assurance of working with cutting-edge technologies in an entrepreneurial spirit
  • The opportunity to develop your skills thanks to tailor-made training courses according to your needs
  • A good job in a friendly place


If you wish to join a dynamic structure on a human scale while working with the latest technologies, don't wait any longer and join Cronos!

Key Skills

Ranked by relevance

aws, incident response, splunk, cloud, cyber security, cybersecurity, cloud native, palo alto
Posted: Nov 11, 2025
Type: Full-time
Level: Associate
Location: Brussels Metropolitan Area

Industries

Professional Services, IT Services, IT Consulting

Categories

Consulting
