Security Incident Response Engineer

Job Description

  • Start date: As soon as possible
  • Duration: 6 months+
  • Hours per week: 40

The incident response engineer plays a pivotal role in ensuring the EU environment is sufficiently prepared to prevent, detect and contain security incidents. The engineer is a technical profile who will respond to security incidents with the appropriate actions in line with our standards and using our existing toolset. The engineer ensures a timely, effective and efficient response and reports the results of the investigation to the regional incident management lead.

Key responsibilities
Be a core member of the security incident management team, responsible for the EU region. The role is two-fold:

  1. (Technical - Research, design and implement) - As part of the global IM team, further develop the global technical IM tools and processes end-to-end in terms of scalability and automation, aiming for better detection and a quicker as well as more effective response
  2. (Manage - Investigate, identify and delegate) - Take full ownership of security issues occurring within the EU region. Ensure a clear understanding of the issues and a timely response by performing appropriate task delegation and follow-up with the various sites and IS teams within the EU

Technical skills

  • Minimum 4 years' background in technical information security and incident response (advanced anti-malware technologies and techniques, outbound web gateways, SIEM), ideally in a SOC environment
  • Strong system engineering base, minimum 5 years (primarily WINTEL server and client, plus Linux)
  • Technical service desk support background (understands common IT issues and how to resolve them)
  • Minimum 5 years in security operations, or IT operations with a strong emphasis on system security (client, server, access control, system hardening)
  • Minimum 3 years in security operations, or IT operations with good exposure to non-system-specific technical information security controls (network, web, email filtering, ...)
  • Well experienced in managing (advanced) endpoint protection technologies: anti-malware, HIPS, application whitelisting, privilege management
  • Has worked in a role with a requirement to be regularly on duty / on call, using different ticket severity levels and their associated response times
  • Good exposure to relational databases (able to write SQL; handle MySQL, SQL Server, PostgreSQL) is a plus
  • Experienced in scripting languages and regex (Python, Bash, Perl, ...) and in system and web interfacing (use of REST/SOAP APIs, SDKs) to achieve IT/security service automation
  • Experienced in log management and log correlation (primarily Splunk, syslog, Graylog)
  • Has a good understanding of security incident response (PICERL) and forensics principles (triage, memory acquisition, disk acquisition): why they are required and how they are generally implemented at system level. Proven experience applying these procedures on servers or desktops/laptops in previous engagements is a plus
  • Exposure to handling forensic evidence: collecting evidence (hard disk forensic images) and ensuring the integrity of evidence
  • Good understanding of network concepts: routing, switching, transport/application layer protocols
  • Good understanding of web security concepts and technologies: common/modern attack vectors, HTML/HTTP, server vs. client technologies

  • Creative, dynamic, open-minded, proactive and enthusiastic
  • Able to self-manage the working day in an environment with a lot of freedom
  • Results-focused, able to work under pressure
  • Good interpersonal skills and a common-sense approach
  • Willing and able to take the lead and to delegate tasks where necessary
  • Follows up on dependencies on other sites and departments and applies pressure where necessary to achieve the goal
  • Fluent in English

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call me now.

Ref: 1026890