Division
Cyber Defense Center (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear’s services, its supporting assets, and people. We do this through the Security Operations Centre (SOC), Cyber Incident & Response Team (CIRT), Detection & Response Engineering Team (D&R Eng), and Cyber Threat Management (CTM) capabilities. This includes security incident and event monitoring, cyber analytics, incident management and forensic analysis, cyber threat intelligence, vulnerability management, penetration testing, brand, and digital footprint monitoring.
The CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties.
CIRT establishes and executes the security incident response framework to ensure a consistent and effective approach to security incident management. Performs in-depth incident reviews, impact assessments, root-cause analysis and manage stakeholder engagement. Executes forensic analysis/investigations and supports Fraud and Personnel related incident investigations.
Role
In your role as CIRT Analyst you support the incident response capabilities and forensic technologies, understand the impact of potential security incidents on complex corporate environments, support and assess incident remediation to a conclusion. You will also assist with reporting and stakeholder management activities.
Your primary duties will be:
1. Independently handles investigations within framework of procedures.
2. Owns the incident and leads the resolution, even the most complex, critical and sensitive cases.
3. Identify any incident/request that requires increased focus and actions necessary to meet committed service levels.
4. Collaborate and work with Threat Intelligence and the SOC personnel to develop automated and integrated incident management processes.
5. Execute / manage the Cyber Security Incident Management process to ensure timely mitigation and escalate to appropriate incident resolver groups leaders. Execute third-tier incident handling including incident remediation in collaboration with the IT resolver team.
6. Execute / assist in the delivery of the organisation’s security incident management including coordination and communication with the wider security organisation, the business, IT and external stakeholders where required.
7. Validate and report deviation of incident response playbooks for various scenarios involving SOC and CIRT personnel.
8. Lead major cyber security incidentsand provide support to the organization whenever cyber incidents occur. Independently handles investigations within framework of procedures.
9. Manage incident response and forensic technologies, understand potential security incident impact on complex corporate environments and the ability to assess and manage incidents to a conclusion.
10. Manage reporting and internal/external stakeholder management activities. Requires deep understanding of the business and infrastructure to enable choosing the most efficient and effective proposal to deal with an incident / threat.
11. Oversee root cause analysis for major cyber security incidents ensuring that the suitable problem management, issue management or risk management processes are followed as well as tracking issues through to resolution.
12. Forensics: technical expertise to gather and preserve digital evidence; investigative skills to think outside the box to build up a picture by combing through various sources of information; integrity to deal with sensitive and confidential matters.
13. Execute & Assist in forensic investigations into potential or confirmed incidents in alignment with company guidelines.
14. Ensure preservation of digital evidence throughout investigations; escalate exceptions to experienced team members.
15. Expert interface for legal cases related to Euroclear - how to build case from cyber perspective.
16. Engage in industry wide cyber exercises.
17. May provide evidence in court and act as representative in fraud forum.
18. Developingand implementing of supporting processes, exercising and acceptance of the framework and processes before it goes live.
19. Support engagement with Threat Intelligence and the CDC personnel to develop integrated incident management processes.
20. Develop and maintain close working relationships with centrally and locally-based device owners, business stakeholders, business/application/solution architecture, application, IT & operational teams.
Technical skills
21. Information Security related experience
22. 3+ years expertise in incident response
23. Good knowledge of at least of these Operating Systems: Windows, Unix/Linux
24. Good knowledge of networking (TCP/IP)
25. Good knowledge of forensic technique and process
26. Good knowledge of evidence collection, including chain of custody
27. Good knowledge of cloud evidence collection and forensics capabilities
28. Good knowledge of both live and offline acquisition techniques
29. Good knowledge of memory analysis
30. Knowledge of Python or PowerShell Scripting
31. Excellent English communication skills (written and oral)
Assets
32. Certifications GIAC Certified Incident Handler (GCIH), Forensic Analyst (GCFA), Forensic Examiner (GCFE), GIAC Reverse Engineering Malware (GREM) or other equivalent technical certifications.
33. Knowledge of network traffic analysis and forensics
34. Knowledge of the following technologies: firewalls, IDS, proxy, WAF, Active Directory, EDR, antivirus, ...
35. Experience with vulnerability management & threat management, vulnerability scanning, Data Loss Prevention (tools and processes)
36. Knowledge of IDA or other decompilation tools
37. Knowledge of network traffic analysis and forensics
38. Knowledge of zOS, Tandem
Soft skills
39. Good security mindset.
40. Able to work autonomously.
41. Sense of urgency and able to apply a risk-based approach to prioritize work.
42. A problem solver: you recognize underlying issues and problems; you analyze root causes and define solutions accordingly.
43. Eager to work with challenging and technical concepts; You are ready to dive into modern technologies and extend your own expertise.
44. Reporting and continuous improvement mindset.
45. You have good influencing/persuasion skills, obtaining approval of others with good arguments, appropriate influencing methods and a certain “natural authority” (persuasion);
46. You examine matters from a distance and put them in a broader context and time perspective (vision);
47. A team-focused mentality with ability to work & collaborate effectively in a team environment.
48. Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills.
49. Capability to ensure confidentiality and discretion in performing sensitive tasks.
50. At ease in a fast-changing environment, with a flexible and pragmatic mindset.
51. Accurate, acting with attention to details
52. Can express well-founded opinions and positions and understanding their consequences (judgement)
53. You examine matters from a distance and putting them in a broader context and time perspective (vision)
54. Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
55. At ease in a fast changing environment, flexible and pragmatic, open-minded
56. Project Management appetite
57. Client focus and delivery oriented
58. Capability to ensure confidentiality and discretion in performing sensitive tasks
59. Reporting and continuous improvement mindset
#LI-NS1