Cybersecurity Incident Responder / SOAR Automation Specialist (2 consultants)
Contract type: Freelance / B2B
Location: Brussels, Belgium
Work mode: Mainly onsite (90–100%)
Duration: Long-term assignment - up to 3 years project
Eligibility: EU nationality required
Role Overview
A large, highly regulated international client is seeking a Cybersecurity Incident
Responder with SOAR/XSOAR automation expertise to support and enhance its
security operations capability.
The role is hands-on and operational, combining end-to-end incident response with
the design, development, and optimisation of automated incident handling
workflows. The successful consultant will work closely with SOC analysts, cyber
defence teams, infrastructure teams, and external stakeholders in a high-maturity
security environment.
Key Responsibilities
• Handle cybersecurity incidents end-to-end, including triage,
investigation, escalation, containment, and resolution.
• Define and maintain incident response procedures, automation
requirements, and playbook logic aligned with operational needs.
• Design, develop, and maintain SOAR / Cortex XSOAR playbooks,
integrations, and automated enrichment workflows.
• Integrate SOAR workflows with security platforms such as SIEM, EDR,
and cloud services.
• Ensure consistent and standardised handling of recurring alert types
through automation and documented workflows.
• Coordinate incident response activities with SOC teams, cyber defence
units, infrastructure teams, and relevant stakeholders.
• Produce high-quality incident reports, technical documentation, and
operational procedures for the internal knowledge base.
• Track and report on operational KPIs (e.g. MTTH, escalation rate,
false/true positive ratio, automation coverage).
• Support training and knowledge transfer for analysts on incident response
methodologies and playbook usage.
• Continuously identify opportunities to improve detection quality,
automation efficiency, and response effectiveness.
Required Skills & Experience
• University degree (Bachelor’s or Master’s) in IT, Cybersecurity, or a related
field.
• Minimum 10 years of experience in IT/cybersecurity, with strong focus
on incident response and SOC operations.
• Proven hands-on experience with SOAR platforms, preferably Palo Alto
Cortex XSOAR.
• Strong experience designing and maintaining automated incident
response playbooks and enrichment workflows.
• Solid programming/scripting experience, particularly Python, for
automation and integration purposes.
• Practical experience with:
• SIEM platforms (e.g. Splunk, Azure Sentinel)
• EDR solutions (e.g. Microsoft Defender, Carbon Black Cloud)
• Cloud environments (AWS and/or Azure)
• Exposure to container security solutions is a plus
• Strong understanding of incident response methodologies and best practices.
• Experience working in large, complex, or multinational environments.
• Excellent analytical and problem-solving skills, with the ability to identify root
causes and propose automation improvements.
• Ability to communicate clearly with both technical and non-technical
stakeholders.
• High standards for documentation, reporting, and operational consistency.
Certifications (Required / Highly Preferred)
• Relevant cybersecurity certifications (minimum 2), such as:
• Palo Alto Cortex XSOAR
• Splunk
• Microsoft Security (e.g. SC-200)
• AWS Security Specialty
• Azure Security Engineer
• Other recognised incident response or cloud security certifications