
90% Remote - Incident Response Consultant ~ First week onsite in Luxembourg

  • Remote
    • Brussels, Brussels, Belgium
  • Trasys International

Job description

Incident Response Consultant at NRB in Trasys International

We are seeking an Incident Response Consultant to join our team at NRB within the Trasys International department. This role offers 90% remote work flexibility, allowing you to collaborate with a global team from the comfort of your own space.

Description of the Tasks:

  • Development of managed threat-informed detection content, including translating threat intelligence into documented threat vectors and defining detection objectives to cover the threats

  • Designing, developing and deploying managed detection rules via the in-house detection engineering framework on the detection platforms operated by the CSOC unit (SIEMs and EDR)

  • Contributing to the threat detection coverage of an Azure IaaS and PaaS tenant protected by Microsoft Sentinel, using OpenTIDE, including fine-tuning and exclusion management for all deployed rules (CATCH managed rules and Microsoft Defender analytics)

  • Identifying and documenting data sources from client’s networks and systems (activity logs, audit logs, asset or identity reference sets)

  • Preparing centralized log collections with searching, hunting, monitoring, and detection capabilities

  • Performing proactive operations to identify potentially malicious activity in support of the client's other teams, e.g. the CATCH Threat Hunting team or the CSIRC team (Incident Response)

  • Assisting in reporting on the development of Detection Engineering capabilities

  • Interacting and coordinating changes with the CSIRC (Incident Response) and CEM (Capability Engineering and Management) sectors

Job requirements

Job Requirements for Incident Response Consultant Role

Specific knowledge, skills, and expertise required for the role:

  • Very good knowledge and experience in Azure Cloud Security

  • Expertise in securing cloud environments using Microsoft Azure Sentinel and Microsoft Defender suite, including hands-on experience with development of KQL queries

  • Good knowledge and experience of Splunk, Splunk Enterprise Security, and Splunk Risk Based Alerting

  • Advanced experience in Splunk is an asset

  • Good knowledge and experience of security monitoring and detection on O365

  • Experience with Splunk as a SIEM and with Microsoft Defender suite is an asset

  • Certifications in Azure and/or AWS security-related topics are strong assets

  • Experience and knowledge of Data Science applied to security detection and monitoring is an asset

  • Experience in a Detection Engineering context

  • Experience with OpenTIDE or equivalent DetectionOps solution is a strong asset

  • Experience with DevSecOps principles and Git platforms

  • Ability to cope with fast-changing technologies used to secure endpoints and cloud workloads

  • Very good communication skills with technical audiences

  • Strong analysis and problem-solving skills

  • Capability to write clear and structured technical documents

  • Ability to participate in technical meetings and good communication skills
