Cyber Incident & Response Team

Employer Active
Job Location: Krakow - Poland

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy
Job Description

Description

Division

The Cyber Defense Center (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear's cyber threat surface by monitoring for malicious intent targeted at Euroclear's services and their supporting assets. It does this through the Security Operations Centre (SOC), Cyber Incident & Response Team (CIRT), Detection & Response Engineering Team (D&R Eng) and Cyber Threat Management (CTM) capabilities. This includes security incident and event monitoring, cyber analytics, incident management and forensic analysis, cyber threat intelligence, vulnerability management, penetration testing, and brand and digital footprint monitoring.

The CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company. It also interacts with external stakeholders, including customers, oversight bodies, threat intelligence providers and third parties.

CIRT establishes and executes the security incident response framework to ensure a consistent and effective approach to security incident management. It performs in-depth incident reviews, impact assessments and root-cause analysis, and manages stakeholder engagement. It executes forensic analysis and investigations and supports fraud- and personnel-related incident investigations.

Role

In your role as CIRT Analyst you support the incident response capabilities and forensic technologies, understand the impact of potential security incidents on complex corporate environments, and support and assess incident remediation through to a conclusion. You will also assist with reporting and stakeholder management activities.

Your primary duties will be:

  1. Independently handle investigations within the framework of procedures.
  2. Own the incident and lead the resolution, including the most complex, critical and sensitive cases.
  3. Identify any incident or request that requires increased focus, and the actions necessary to meet committed service levels.
  4. Collaborate and work with Threat Intelligence and SOC personnel to develop automated and integrated incident management processes.
  5. Execute and manage the Cyber Security Incident Management process to ensure timely mitigation, and escalate to the appropriate incident resolver group leaders. Execute third-tier incident handling, including incident remediation in collaboration with the IT resolver team.
  6. Execute and assist in the delivery of the organisation's security incident management, including coordination and communication with the wider security organisation, the business, IT and external stakeholders where required.
  7. Validate and report deviations from incident response playbooks for various scenarios involving SOC and CIRT personnel.
  8. Lead major cyber security incidents and provide support to the organisation whenever cyber incidents occur; handle investigations within the framework of procedures.
  9. Manage incident response and forensic technologies, understand the impact of potential security incidents on complex corporate environments, and be able to assess and manage incidents to a conclusion.
  10. Manage reporting and internal/external stakeholder management activities. This requires a deep understanding of the business and infrastructure in order to choose the most efficient and effective proposal for dealing with an incident or threat.
  11. Oversee root cause analysis for major cyber security incidents, ensuring that the suitable problem management, issue management or risk management processes are followed, and track issues through to resolution.
  12. Forensics: technical expertise to gather and preserve digital evidence; investigative skills to think outside the box and build up a picture by combing through various sources of information; integrity to deal with sensitive and confidential matters.
  13. Execute and assist in forensic investigations into potential or confirmed incidents, in alignment with company guidelines.
  14. Ensure preservation of digital evidence throughout investigations; escalate exceptions to experienced team members.
  15. Act as expert interface for legal cases related to Euroclear, advising on how to build a case from a cyber perspective.
  16. Engage in industry-wide cyber exercises.
  17. May provide evidence in court and act as representative in the fraud forum.
  18. Develop and implement supporting processes, exercising and accepting the framework and processes before they go live.
  19. Support engagement with Threat Intelligence and CDC personnel to develop integrated incident management processes.
  20. Develop and maintain close working relationships with centrally and locally based device owners, business stakeholders, business/application/solution architecture, application IT and operational teams.

Technical skills

  • Information Security related experience
  • 3 years' expertise in incident response
  • Good knowledge of at least one of these operating systems: Windows, Unix/Linux
  • Good knowledge of networking (TCP/IP)
  • Good knowledge of forensic techniques and processes
  • Good knowledge of evidence collection, including chain of custody
  • Good knowledge of cloud evidence collection and forensics capabilities
  • Good knowledge of both live and offline acquisition techniques
  • Good knowledge of memory analysis
  • Knowledge of Python or PowerShell scripting
  • Excellent English communication skills (written and oral)

Assets

  • Certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Reverse Engineering Malware (GREM) or other equivalent technical certifications.
  • Knowledge of network traffic analysis and forensics
  • Knowledge of the following technologies: firewalls, IDS, proxy, WAF, Active Directory, EDR, antivirus ...
  • Experience with vulnerability management and threat management, vulnerability scanning, Data Loss Prevention (tools and processes)
  • Knowledge of IDA or other decompilation tools
  • Knowledge of z/OS and Tandem

Soft skills

  • Good security mindset.
  • Able to work autonomously.
  • Sense of urgency and able to apply a risk-based approach to prioritise work.
  • A problem solver: you recognise underlying issues and problems; you analyse root causes and define solutions accordingly.
  • Eager to work with challenging and technical concepts; you are ready to dive into modern technologies and extend your own expertise.
  • Reporting and continuous improvement mindset.
  • You have good influencing/persuasion skills, obtaining the approval of others with good arguments, appropriate influencing methods and a certain natural authority (persuasion).
  • You examine matters from a distance and put them in a broader context and time perspective (vision).
  • A team-focused mentality with the ability to work and collaborate effectively in a team environment.
  • Good leadership and communication skills, whether in the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills.
  • Capability to ensure confidentiality and discretion in performing sensitive tasks.
  • At ease in a fast-changing environment, with a flexible, pragmatic and open-minded mindset.
  • Accurate, acting with attention to detail.
  • Can express well-founded opinions and positions and understand their consequences (judgement).
  • Project management appetite.
  • Client focus and delivery oriented.



Employment Type

Full Time
