Cyber Incident & Response Team

Division

Cyber Defense Center (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear’s services, its supporting assets, and people. We do this through the Security Operations Centre (SOC), Cyber Incident & Response Team (CIRT), Detection & Response Engineering Team (D&R Eng), and Cyber Threat Management (CTM) capabilities. This includes security incident and event monitoring, cyber analytics, incident management and forensic analysis, cyber threat intelligence, vulnerability management, penetration testing, brand, and digital footprint monitoring.

The CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties.

CIRT establishes and executes the security incident response framework to ensure a consistent and effective approach to security incident management. Performs in-depth incident reviews, impact assessments, root-cause analysis and manage stakeholder engagement. Executes forensic analysis/investigations and supports Fraud and Personnel related incident investigations.

Role

In your role as CIRT Analyst you support the incident response capabilities and forensic technologies, understand the impact of potential security incidents on complex corporate environments, support and assess incident remediation to a conclusion. You will also assist with reporting and stakeholder management activities.

Your primary duties will be:

1. Independently handles investigations within framework of procedures. 
2. Owns the incident and leads the resolution, even the most complex, critical and sensitive cases.
3. Identify any incident/request that requires increased focus and actions necessary to meet committed service levels.
4. Collaborate and work with Threat Intelligence and the SOC personnel to develop automated and integrated incident management processes.
5. Execute / manage the Cyber Security Incident Management process to ensure timely mitigation and escalate to appropriate incident resolver groups leaders. Execute third-tier incident handling including incident remediation in collaboration with the IT resolver team.
6. Execute / assist in the delivery of the organisation’s security incident management including coordination and communication with the wider security organisation, the business, IT and external stakeholders where required.
7. Validate and report deviation of incident response playbooks for various scenarios involving SOC and CIRT personnel.
8. Lead major cyber security incidents and provide support to the organization whenever cyber incidents occur. Independently handles investigations within framework of procedures.
9. Manage incident response and forensic technologies, understand potential security incident impact on complex corporate environments and the ability to assess and manage incidents to a conclusion. 
10. Manage reporting and internal/external stakeholder management activities. Requires deep understanding of the business and infrastructure to enable choosing the most efficient and effective proposal to deal with an incident / threat.
11. Oversee root cause analysis for major cyber security incidents ensuring that the suitable problem management, issue management or risk management processes are followed as well as tracking issues through to resolution. 
12. Forensics: technical expertise to gather and preserve digital evidence; investigative skills to think outside the box to build up a picture by combing through various sources of information; integrity to deal with sensitive and confidential matters.
13. Execute & Assist in forensic investigations into potential or confirmed incidents in alignment with company guidelines.
14. Ensure preservation of digital evidence throughout investigations; escalate exceptions to experienced team members.
15. Expert interface for legal cases related to Euroclear - how to build case from cyber perspective.
16. Engage in industry wide cyber exercises.
17. May provide evidence in court and act as representative in fraud forum.
18. Developing and implementing of supporting processes, exercising and acceptance of the framework and processes before it goes live.
19. Support engagement with Threat Intelligence and the CDC personnel to develop integrated incident management processes.
20. Develop and maintain close working relationships with centrally and locally-based device owners, business stakeholders, business/application/solution architecture, application, IT & operational teams.

Technical skills 

• Information Security related experience
• 3+ years expertise in incident response
• Good knowledge of at least of these Operating Systems: Windows, Unix/Linux
• Good knowledge of networking (TCP/IP)
• Good knowledge of forensic technique and process
• Good knowledge of evidence collection, including chain of custody
• Good knowledge of cloud evidence collection and forensics capabilities
• Good knowledge of both live and offline acquisition techniques
• Good knowledge of memory analysis
• Knowledge of Python or PowerShell Scripting
• Excellent English communication skills (written and oral)

Assets

• Certifications GIAC Certified Incident Handler (GCIH), Forensic Analyst (GCFA), Forensic Examiner (GCFE), GIAC Reverse Engineering Malware (GREM) or other equivalent technical certifications.
• Knowledge of network traffic analysis and forensics
• Knowledge of the following technologies: firewalls, IDS, proxy, WAF, Active Directory, EDR, antivirus, ...
• Experience with vulnerability management & threat management, vulnerability scanning, Data Loss Prevention (tools and processes)
• Knowledge of IDA or other decompilation tools
• Knowledge of network traffic analysis and forensics
• Knowledge of zOS, Tandem

Soft skills 

• Good security mindset.
• Able to work autonomously.
• Sense of urgency and able to apply a risk-based approach to prioritize work.
• A problem solver: you recognize underlying issues and problems; you analyze root causes and define solutions accordingly.
• Eager to work with challenging and technical concepts; You are ready to dive into modern technologies and extend your own expertise.
• Reporting and continuous improvement mindset.
• You have good influencing/persuasion skills, obtaining approval of others with good arguments, appropriate influencing methods and a certain “natural authority” (persuasion);
• You examine matters from a distance and put them in a broader context and time perspective (vision);
• A team-focused mentality with ability to work & collaborate effectively in a team environment.
• Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills.
• Capability to ensure confidentiality and discretion in performing sensitive tasks.
• At ease in a fast-changing environment, with a flexible and pragmatic mindset.
• Accurate, acting with attention to details
• Can express well-founded opinions and positions and understanding their consequences (judgement)
• You examine matters from a distance and putting them in a broader context and time perspective (vision)
• Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
• At ease in a fast changing environment, flexible and pragmatic, open-minded
• Project Management appetite
• Client focus and delivery oriented
• Capability to ensure confidentiality and discretion in performing sensitive tasks
• Reporting and continuous improvement mindset
  
  #LI-NS1

Why join us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system. 

What We Offer:

• Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries. 
• Practice your talents in a highly professional international environment. 
• Join a learning and development environment with an emphasis on knowledge sharing and training.
• Competitive salary and comprehensive benefits.

New ways of working

Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working. 

Great Place to Work for All

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.