WHO ARE WE?
It all starts with the mission: NVISO is here to protect European society from potentially devastating cyber attacks. This means we offer cyber security services to private and governmental organizations to help them better prepare for, prevent, detect and respond to cyber security incidents.
All of this is built on four fundamental values that define who we are: We are Proud, We Break Barriers, We Care and No BS!
WHAT WILL YOU DO?
As a Detection Engineer, based in Belgium, you will:
- Develop and maintain NVISO Fusion Center’s use case library following a Detection-as-Code (DaC) approach in a multitenant environment.
- Keep up-to-date on modern attack techniques and build new detection capabilities into SIEM and EDR platforms based on your research.
- Work closely with the SOC Analysts and SOC Engineering teams to ensure the efficacy of deployed detections in the monitored environments.
- Analyse alert statistics to reduce false positives and maintain the alert queue of the SOC at healthy levels.
- Design automation playbooks to enrich alerts, properly triage and remediate security incidents and contribute to multiple phases of the alert’s lifecycle.
- Participate in purple teaming exercises to continuously challenge and improve the existing detections or develop new ones.
- Maintain and expand the existing tooling for automating tedious day-to-day tasks.
- Design procedures and workflows within the team with a scale up mentality.
REQUIREMENTS?
- Completion of a Bachelor's degree or equivalent program in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics (or equivalent work experience).
- Certifications: GCIA, GPEN, GWAPT, GCIH, GSEC, OSCP, OSCE, OSCP, or similar certification preferable but not required.
- 3+ years of relevant experience in SOC Operations or a SOC related role.
- Experience with modern security information and event management (SIEM) systems like Microsoft Sentinel, Elastic, Cortex XDR or any other industry-leading SIEM platform.
- Knowledge of SIEM query languages like Microsoft Sentinel KQL, Elastic EQL, Kibana KQL or any other query language or event correlation engine from an industry-leading SIEM platform.
- Experience with EDR platforms like Microsoft MDE or Cortex XDR.
- Experience with Git.
- Experience with agile methodologies.
- Experience with scripting languages (Python/PowerShell).
WHAT DO WE OFFER?
At NVISO, we care. We are committed to offering you a highly competitive remuneration package including financial and non-financial components:
- Working and learning from the best people in the European cyber security industry. We have multiple SANS Instructors working at NVISO, our staff has presented at popular hacking conferences (BlackHat, BruCON, OWASP, etc) and all of our technical staff can acquire deep technical security certifications (GSE, GXPN, GREM, GCFA, OSCP, etc)
- An entrepreneurial and agile company, where you will be stimulated and supported in driving new initiatives (either through internal innovation or by improving our service offering), without losing sight of having fun!
- Regular team-building and fun events with legendary off-site events once a year. The location of the next team building is one of the most closely guarded secrets at NVISO… We can however disclose that we’ve visited Lisbon, Dubai and Malta over the past few years
- Our commitment to coach and counsel you and help you grow; each employee receives a personal coach within the team, whose role is to ensure your well-being and helps you grow in your career!
- Flexible working hours and home office possibilities
- Flex Reward Plan
- 32 holidays
IF YOU'RE INTERESTED, PLEASE SEND US YOUR APPLICATION: HERE
WE'RE LOOKING FORWARD TO MEET YOU!