« All Jobs

CSIRT Incident Handler & Digital Forensic Investigator M/W

Excellium Services SA

Posted 2 weeks ago

You want to join Excellium because…

You are curious, motivated, and passionate!

Integrated within dynamic and passionate teams, you will have the opportunity to fully invest yourself, innovate and create from the latest technologies. You will quickly find your place at Excellium. In order to understand our business, the challenges of our customers and to accompany them we regularly organize meetings, workshops, and training. We will thus help you to develop your skills and position you on stimulating projects, adapted to your profile and enabling you to surpass yourself.

Your team :

Let’s meet CERT-XLM, Excellium Services’ CSIRT. We are an incident response team strong of 12  years’ experience, made of a dozen of highly motived people.

Our goal is to help organizations contain, neutralize, and eradicate cybersecurity threats. We ensure organizations are prepared to face incidents, and we conduct post-mortem investigations when needed.

We address around 70 incident response engagements yearly, from generic forensic investigations to human operated ransomware breach analysis.

To avoid psychological fatigue within the team, we are careful to keep a balance between incident handling and research and development projects.

Your job :

The main duty is to assist organizations face various security incidents. In this task, you will conduct host forensics, and log analysis in support of incident response engagements. You also ensure our customers receive adequate incident response preparation.

Based on the knowledge of TTPs gained from your engagements in incident response, you will develop new detection use cases for Excellium CSOC. Occasionally, you will validate their relevance and implementation in purple team engagement.

A part of your time will also be dedicated to the development and maintenance of our in-house CSIRT tools and applications.

Regular training or workshops with customer or your peers will allow you to share knowledge about incident handling, and you will have opportunities to present your work at security conventions.

PROFILE

Incident Handler

  • Highly motivated, interested in the fields of cyber defense and research.
  • First experience in a similar job or in Cyber-security field (Soc/Pentest)
  • Network Fundamentals – HTTP, DNS, TLS, etc…
  • Understanding of windows & *Nix operating systems
  • Windows events and forensic artifacts understanding.
  • Requires analytical thinking and problem-solving skills.
  • Love in parsing and analysis “dirty and always incomplete” logs.
  • Experience with high level tools (volatility, Log2Timeline) and more advanced ones (grep).
  • Comfortable with command line (we work with Linux)
  • Development: Fluent in reading and writing Python 3
  • English B2 or >

Nice to have but not mandatory:

  • Any related certification GCIH, GCTI, GIME, GNFA etc…
  • Dutch B2 or >

Senior Incident Handler

  • Highly motivated, interested in the fields of cyber defense and research.
  • Significant experience in Incident response
  • Network Deep Understanding – HTTP2/Quic, DoT/DoH, etc..
  • Deep understanding of windows and *Nix operating systems internals
  • Requires analytical thinking and problem-solving skills.
  • Love in parsing and analysis “dirty and always incomplete” logs.
  • Experience with Volatility, Log2Timeline, Misp, IntelMQ, Wireshark, Tshark, Snort
  • Enjoy debugging Python 3. (Sometimes 2, you know forensic tool code base quality)
  • Knows threat Intel promises, understand its limitations.
  • Work calmly and well under pressure
  • Maintain composure while dealing with under stress people.
  • Support the team, help less experienced members, share knowledge
  • Good writing and reporting skills.
  • English B2 or >

Nice to have but not mandatory:

  • Any related certification GCIH, GCTI, GASF, GIME, GREM, GNFA etc…
  • Hands on experience with Cloud, OT/SCADA or Apple environments.
  • Could read X86/64 assembly, C, C++, .NET
  • Dutch B2 or >

If you are passionate about IT Security, if you are curious and on the lookout for the latest news, security flaws and technological advances, then apply!

Application can be submitted in English or French at recruitment@excellium-services.com

Apply now

Choose File
Thank you for your message. It has been sent.
There was an error trying to send your message. Please try again later.

Related job offers

|

Chief Information Security Officer

Posted by

Excellium Services

10 Dec 2024

|

SOC Engineer

Posted by

Excellium Services

19 Oct 2021