Cybersecurity Incident Responder (EU Institution) - onsite in Brussels

  • On-site
    • Brussels, Brussels, Belgium
  • Trasys International

Job description

Who are we?

Trasys International is a dynamic global organization that takes pride in being the trusted partner of EU Institutions. With a strong commitment to excellence and a 30-year track record of delivering high-quality solutions, we are dedicated to supporting the growth and success of our clients. Our mission is to help our clients keep up with the challenges of digital transformation by providing the right talent at the right time for the right job. To this end, we are constantly looking for talented professionals who are interested in working on challenging international projects and able to deliver high-quality results within multicultural environments. Our services include (but are not limited to) modernization of solutions, digital workspaces, cloud technologies and IT security. Our headquarters are in Brussels and we have active accounts and offices across Europe (e.g. Luxembourg, Amsterdam, Athens, Stockholm, Geneva).

Is this YOU?

For one of our main clients based in Brussels, a European Institution, we are looking for a Senior Cybersecurity Incident Responder for a long-term mission at the major EU Institution in Brussels. You will play a crucial role in defining and handling the incident procedures and workflows, and in supporting the innovation policies and decisions, enabling the successful implementation of the client's digital transformation and EU policies.

For the needs of the client, you must be based in Belgium/Brussels, work 90-100% onsite, and be eligible to work on a freelancer/B2B basis in Belgium.

As a Cybersecurity Incident Responder, you will perform the following tasks:

  • Defining incident handling procedures, automation requirements, and playbook logic in alignment with the Client's operational needs.

  • Preparation of incident response workflows, automated enrichment steps, and technical documentation to ensure standardized handling across recurring alert types.

  • Handling of cybersecurity incidents and escalations, ensuring containment and resolution actions are consistently applied.

  • Development and maintenance of XSOAR playbooks, integrations, and automations to streamline alert triage, case enrichment, and cross-platform coordination (e.g., Splunk, AWS, Azure Sentinel, Carbon Black Cloud, Sysdig).

  • Coordination and review of playbook updates, incident reports, and cross-team coordination to ensure accuracy and compliance.

  • Reporting of key performance metrics (e.g., FP/TP rate, MTTH, escalation rate) and playbook performance (automation coverage, time saved, error reduction).

  • Assistance with training other analysts in playbook usage, incident response methodology, and maintaining documentation in the EC’s knowledge base.

  • Interaction with CSIRC, CATCH analysts, infrastructure teams, and relevant external stakeholders to validate playbook coverage, share threat intelligence, and ensure service alignment with EC priorities.

Job requirements

Are you the perfect match?

  • University degree (BSc/MSc).

  • Minimum 10 years of experience in IT/cybersecurity.

  • Minimum 2 relevant certifications.

  • Very good knowledge of incident response methodologies, XSOAR playbook development, and automation logic for cross-platform integration (e.g., Splunk, AWS, Azure Sentinel, Carbon Black Cloud).

  • Strong experience in handling cybersecurity incidents end-to-end, including triage, escalation, containment, and resolution in large-scale or multinational environments.

  • Ability to design, implement, and adapt incident workflows and automated enrichment steps efficiently and quickly, ensuring operational consistency across recurring alert types. Ability to develop in Python.

  • Ability to give business and technical presentations on incident trends, automation performance, and security operations improvements to both technical and non-technical Client stakeholders.

  • Ability to apply high quality standards in incident documentation, KPI reporting, and compliance with Client security frameworks and regulatory requirements.

  • Ability to cope with fast-changing technologies used in modern SOC environments, particularly cloud-native services (AWS, Azure), EDR solutions (Defender, Carbon Black Cloud), SIEM/SOAR platforms, and container security (Sysdig).

  • Analysis and problem-solving skills to identify root causes, propose automation improvements, and optimize alert handling workflows for efficiency and precision.

  • Capability to write clear and structured technical documents, including playbook documentation, incident reports, and operational procedures for the Client knowledge base.

  • Certification or proven practical experience in relevant technologies such as Palo Alto Cortex XSOAR, Splunk, Microsoft Security (SC-200), AWS Security Specialty, Azure Security Engineer.
