OFFER DESCRIPTION
You want to join Excellium because…
You are curious, motivated, and passionate!
Integrated within dynamic and passionate teams, you will have the opportunity to fully invest yourself, innovate and create from the latest technologies. You will quickly find your place at Excellium. In order to understand our business, the challenges of our customers and to accompany them we regularly organize meetings, workshops, and training. We will thus help you to develop your skills and position you on stimulating projects, adapted to your profile and enabling you to surpass yourself.
Your team :
Let’s meet CERT-XLM, Excellium Services’ CSIRT. We are an incident response team strong of 9 years’ experience, made of a dozen of highly motived people.
Our goal is to help organizations contain, neutralize, and eradicate cybersecurity threats. We ensure organizations are prepared to face incidents, and we conduct post-mortem investigations when needed.
We address around 70 incident response engagements yearly, from generic forensic investigations to human operated ransomware breach analysis.
To avoid psychological fatigue within the team, we are careful to keep a balance between incident handling and research and development projects.
Your job :
The main duty is to assist organizations face various security incidents. In this task, you will conduct host forensics, and log analysis in support of incident response engagements. You also ensure our customers receive adequate incident response preparation.
Based on the knowledge of TTPs gained from your engagements in incident response, you will develop new detection use cases for Excellium CSOC. Occasionally, you will validate their relevance and implementation in purple team engagement.
A part of your time will also be dedicated to the development and maintenance of our in-house CSIRT tools and applications.

PROFILE
Incident Handler

• Highly motivated, interested in the fields of cyber defense and research.
• First experience in a similar job or in Cyber-security field (Soc/Pentest)
• Network Fundamentals – HTTP, DNS, TLS, etc…
• Understanding of windows & *Nix operating systems
• Windows events and forensic artifacts understanding.
• Requires analytical thinking and problem-solving skills.
• Love in parsing and analysis “dirty and always incomplete” logs.
• Experience with high level tools (volatility, Log2Timeline) and more advanced ones (grep).
• Comfortable with command line (we work with Linux)
• Development: Fluent in reading and writing Python 3
• English B2 or >

Nice to have but not mandatory:

• Any related certification GCIH, GCTI, GIME, GNFA etc…
• Dutch B2 or >

Senior Incident Handler

• Highly motivated, interested in the fields of cyber defense and research.
• Significant experience in Incident response
• Network Deep Understanding – HTTP2/Quic, Do T/Do H, etc..
• Deep understanding of windows and *Nix operating systems internals
• Requires analytical thinking and problem-solving skills.
• Love in parsing and analysis “dirty and always incomplete” logs.
• Experience with Volatility, Log2Timeline, Misp, Intel MQ, Wireshark, Tshark, Snort
• Enjoy debugging Python 3. (Sometimes 2, you know forensic tool code base quality)
• Knows threat Intel promises, understand its limitations.
• Work calmly and well under pressure
• Maintain composure while dealing with under stress people.
• Support the team, help less experienced members, share knowledge
• Good writing and reporting skills.
• English B2 or >

Nice to have but not mandatory:

• Any related certification GCIH, GCTI, GASF, GIME, GREM, GNFA etc…
• Hands on experience with Cloud, OT/SCADA or Apple environments.
• Could read X86/64 assembly, C, C++, .NET
• Dutch B2 or >

OFFER DETAILS
Contract: Full time
Location :

• BELGIUM : Belgicastraat 13 B-1930 Zaventem, Belgium

OR

• LUXEMBOURG : 5 rue Goell L-5326 Contern, Luxembourg

WHO WE ARE?