NVISO is a pure-play cyber-security consulting firm: our team is composed of security professionals that each have their specific field of expertise, ranging from Information Security Governance, Risk & Compliance to Incident Response, Penetration Testing, Software Security and Training & Awareness. This fantastic blend of skills enables us to help organizations prevent, detect and respond to complex security challenges.
NVISO is also known as a European Cyber Security start-up, currently active in Brussels, Frankfurt and Munich. Through our active investment in Research & Development and partnerships with academic players, we are investigating emerging threats and trends, refining our techniques and developing innovative products that make NVISO a unique player in the market.
Our team is built on the values of Entrepreneurship, Commitment, Integrity, Client-Orientation and Respect, which neatly ties into our mission to be an innovative, trusted and respected security partner for our clients. And we are looking for new colleagues that are as enthusiastic about these values as we are! So come and join us!
To strengthen our CSIRT & SOC team, we are seeking for a Security Analyst with strong technical skills and able to work in teams, to communicate with clients and to deliver high-quality analysis and deliverables.
What we expect can be summarized in one sentence:
The candidate should help NVISO to catch and respond to red teamers and actual adversaries in their attempts to compromise the environments of our customers
In order to help us catch the bad guys, we typically expect the following skillset:
- You have some initial experience (e.g. 1 to 2 years) working in a security monitoring function (working with ArcSight, Splunk, Q-Radar, Elastic,…)
- Excellent working knowledge of computer networks (TCP/IP) & operating systems (Windows, Unix,…)
- Able to analyze logs of different sources including endpoints, cloud applications, network devices and even raw network traffic;
- Able to triage alerts based on criticality;
- Able to finetune existing rules / use cases to optimize automated detection capability;
- Fundamentally understand how attackers operate (e.g. able to explain how a typical attack chain works);
- Experience / knowledge of MITRE ATT&CK as a common framework to describe adversary techniques;
- Good knowledge of key log types commonly seen in corporate environments (Windows event logs, Sysmon, proxy logs, DNS logs…);
Furthermore, the following are considered nice to haves:
- Able to hunt environments to identify suspicious / malicious behavior that was missed by automated alerts / signature-based detection;
- Able to develop SIGMA rulesets for automated detection;
- Experience with offensive security tools & techniques (e.g. Metasploit, Empire, Covenant,…);
- Experience with SOAR platforms such as Palo Alto Cortex XSOAR;
- Professional certifications: GCDA (GIAC Certified Detection Analyst), GMON (GIAC Continuous Monitoring Certification), GCFE (GIAC Certified Forensic Examiner), GCFA (GIAC Certified Forensic Analyst);
- A good sense of humor.
As we want to make sure you are a good fit in the team, we also expect the following:
- Excellent English communication skills (and preferably Dutch or French)
- Ability to prepare and present technical topics in an understandable way
- Excellent customer focus and communication skills
- Ability to prioritize and meet deadlines;
- Team player who works well under pressure;
- Candidates must recognize and deal appropriately with confidential and sensitive information.
- Working and learning from the best people in the cyber security industry in Belgium & Germany. We have SANS Instructors & Authors working at NVISO, our staff has presented at popular hacking conferences (BlackHat, BruCON, etc) and all of our technical staff must acquire deep technical security certifications (GSE, GXPN, GREM, GCFA, OSCP, etc);
- Your personal 5+5 learning budget (5.000 EUR and 5 days) every year. Most of our staff either follow a SANS training each year, or spend their budget on traveling to conferences like Blackhat/Defcon or RSA;
- Contribute to initiatives like the Cyber Security Challenge Belgium;
- An attractive and market-aligned reward package including company car and health insurance.
Interested? Then send your CV and a motivation letter to firstname.lastname@example.org!