Security Analyst - Security Incident Response Team

Introduction to the Job 

As a Security Analyst in the Security Incident Response Team (SIRT) you play a crucial role in safeguarding the organization’s security posture.

Role and Responsibilities

Your primary focus will be real-time security monitoring of alerts (Cyber, IT, OT, DLP, Physical), triaging and analyzing low-to-medium risk security alerts, and escalating potential security incidents following established procedures.

Additionally, you will contribute to the continuous improvement of monitoring processes and technologies by providing feedback on false positives and helping enhance and detection capabilities.

The Security Incident Response Team (SIRT) operates within the Security Operations Center (SOC) to minimize the impact of security threats by detecting and responding to incidents in real time. By effectively monitoring alerts and improving security controls, you help ASML operate securely in an evolving security threat landscape.

In this role, you will:

• Continuously monitor security alerting systems for signs of malicious activity or anomalies, adhering to SOC’s 24/7 operational requirements.

• Conduct end-to-end triage and investigation of security alerts, classify their severity, and determine if further escalation is required.

• Identify false positives and propose tuning measures to improve detection accuracy.

• Maintain detailed records of investigations, findings, and actions taken in the incident tracking system.

•  Provide input to enhance security monitoring and detection rules.

• Provide input and support with defining SOAR automation use cases

• Identify compliance and policy violations and provide inputs on improving ASML security posture.

Education and experience

We seek an individual with a strong interest in cybersecurity who is eager to develop expertise in security operations. You should be a team player who thrives in a collaborative environment. The ideal candidate will have:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent.

• Prior internship or hands-on experience in a security/IT role is preferred but not required. Experience with SIEM, EDR, or DLP tools is a plus.

• Having or working toward CompTIA Security+, GIAC, CEH, or similar certifications is desirable.

Skills 

• Analytical Thinking – Ability to interpret security data, detect patterns, and assess risks.

• Attention to Detail – Strong observational skills to identify potential threats.

• Communication – Clear written and verbal communication for reporting findings and collaborating with teammates.

• Willingness to Learn – Adaptability to new technologies, threats, and security practices.

Other Information

• This role requires working in a fast-paced environment and may involve on-call or shift work to support 24/7 security operations.

• The position is primarily office-based, with potential for remote work depending on company policies.

• You must possess a valid work permit for the Netherlands.

This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.

Diversity and inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Need to know more about applying for a job at ASML? Read our frequently asked questions.