23 Aug. 2023

Cyber Defence – Security Monitoring & Response Analyst

Job description

Mission context
Want to help shape the bank of tomorrow today?
At the bank for a changing world, our employees make change their greatest asset, turning challenges into opportunities. They think ahead to offer customers innovative solutions perfectly suited to their needs. At BNP Paribas Fortis, the country's number one bank, employees enjoy continuous career growth in a rewarding and flexible work environment.
The CoE Security department supports Information Technology and Business Units to develop adequate solutions in Information Security and Risk Management practices.
The mission is: to enable sound and formal information security risk decision making by bank management, and to help with implementing a proper information security management system.

The Information Security Strategy of our organization commits to delivering on four objectives: 1) enable the extended enterprise; 2) counter cybercrime; 3) protect our information systems; 4) manage security risks.
Consequently, the vision of the “CoE Security Cyber Defence” team is to support the Counter cybercrime objective through demonstrably ‘best in class’ preparation and response to unauthorized cyber activity. This is done by providing the following services:
Proactive - support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks, where threat management ensures the collection, assessment and sharing of threat information.
Reactive - triggered by a request / incident / event identified by an intrusion detection system or reported by a human.
To support those services, BNP Paribas Fortis is looking for a Security Monitoring & Response Analyst to perform security monitoring, incident response, digital forensics and threat hunting activities.
Function description
Cyber Defence – Security Monitoring & Response Analyst
You will carry the following responsibilities:

Security Monitoring
  • Monitor SIEM, EDR, Data Analytics Platforms and DLP solutions for alerts triggered by pre-defined detection use cases;
  • Investigate and qualify those alerts for further handling;
  • Provide feedback to engineering team for fine-tuning of detection use cases;
  • Develop runbooks for handling of security monitoring alerts.
Incident Response & Digital Forensics
  • Drive the handling of security incidents by defining and assigning response actions to IT personnel and following-up on their execution;
  • For severe incidents, steer and coordinate an ad hoc incident response team to contain, mitigate, eradicate and restore;
  • Perform Digital Forensics on a wide range of assets, but particularly on Windows systems;
  • Develop reaction plans for handling of security incidents.
Threat Hunting
  • Retroactively hunt for potential compromises and other security issues based on new threat intelligence gathered by our Threat Analysts.
Threat Collection and Analysis
  • Routinely collect the cyber threat intelligence information using Group CTI platform.
  • Execute threat analysis: Identify impacted assets, develop threat scenarios, define a ‘kill chain’, i.e. step-by-step analysis of the attack, prioritize threats.
  • Identify existing or missing counter-measures (controls & reaction plans) i.e. mapping to bank specificity: enterprise architecture, vulnerability status, latest incidents.
  • Operate and populate a threat knowledge management tool.
  • Generate reports and share within the relevant parties in the bank.

Requirements

Language requirements
  • Dutch: good spoken & written (preferable)
  • French: good spoken & written (preferable)
  • English: fluent spoken & written (mandatory)
Education Bachelor/Master or equivalent by experience
Certification
Travel
Telework
  • Expectation: 50% on site & 50% homeworking
Required
Technical experience
Mandatory (demonstrate general knowledge of most of the following, with deep understanding in at least one or two areas):
  • Good knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.);
  • First experience working in a SOC or CSIRT environment in a L1 security analyst or monitoring role
  • Experience with reviewing alerts to determine relevancy and urgency by correlating different events and sources
  • Experience with detection and mitigation of phishing attacks
  • Experience managing incidents via ticketing systems such as HPSM and Service Now
  • Ability to follow instructions and processes
  • Familiar with networking concepts, configuration and components
Preferable:
  • Hands-on malware analysis skills
  • Experience with Use Case Development and Runbook creation
  • Knowledge of digital forensics practices for Windows systems
  • Comfortable working in Windows and Linux based systems
  • Knowledge of various IDS/IPS such as Cisco Sourcefire and Palo Alto
  • Knowledge of log aggregation, SIEM solutions and Digital Analytics Platforms such as Splunk and ELK
  • Experience working with EDR solutions like Tanium and McAfee
  • Experience with DDoS solutions and services such as Akamai and F5 WAF based application protections
  • Practical experience with Threat Hunting
  • Basic knowledge of Threat Modelling
  • Know how to interpret and analyse Threat Intelligence information and make it actionable via a CTI platform
  • Experience with DLP solutions like Symantec DLP
  • Knowledgeable about SOAR and automation techniques such as Cortex XSOAR
  • Basic Reverse Engineering skills
  • Can clearly write procedures, documentation and knowledgebase articles
Business experience
Mandatory
Preferable: 5 years in an IT function with at least 3 years of experience in information security.
Soft skills
  • Adhere to processes and procedures
  • Able to work in a rotating shift with on-call duties (24x7)
  • Has the potential to step up, take the lead and stand ground when needed
  • Must be a strong team player
  • Self-starter, pro-active attitude
  • Good verbal and written communication skills at different levels (to a group, towards technical people, end users)
  • Good analytical skills
  • Take ownership and be accountable for everything you do
  • Finish what you start
  • Autonomy, commitment and perseverance
  • Outstanding ability to work under stress in emergency situations
  • Attention to detail while seeing the bigger picture
  • Ability to learn on-the-job and perform knowledge sharing
  • Solid sense of integrity and identification with the mission
  • Desire for continuous improvement of the Cyber Defence capabilities

Location

Brussels
