Senior SOC Analyst @ itsme

Belgian Mobile ID, known for the innovative itsme app, is one of Europe's fastest-growing scale-ups. In 2017, itsme was founded through a unique collaboration of seven Belgian market leaders from the banking and telecommunications sectors with a clear mission: to offer a state-of-the-art digital identity solution to everyone, enabling secure and seamless interaction in the digital space. itsme has fundamentally changed digital interaction in Belgium and has grown into the country's official mobile identity. With the itsme app, citizens can securely identify themselves, approve transactions, and even digitally sign official documents, without the need for card readers, passwords, or tokens. Today, this results in overwhelming success, with usage by 7 million citizens (more than 80% of the adult population in Belgium). More than 1 million actions are performed daily, and the app has been successfully launched in 26 European countries with the ambition to become an international leader. The itsme solution guarantees the highest security through the unique combination of the app, the mobile phone, and biometric or PIN identification. The service is recognized with the Level of Assurance 'High' e-identification means and as a 'qualified' provider of trust services for electronic signatures in the eIDAS regulation, which ensures the strictest security requirements and legal validity. Role Itsme faces continuous threats from malicious actors seeking unauthorized access to sensitive information. The company's commitment to security is not only a regulatory necessity but also an integral part of delivering a reliable and secure digital identity solution to their users, due to the sensitive nature of a significant portion of their data and services. The Senior SOC Analyst plays a pivotal role in proactively identifying and mitigating these threats through continuous monitoring, incident response, informing stakeholders and intelligence sharing. The Senior SOC Analyst will actively handle emerging threats, minimize security attacks, prevent leaks and develop robust strategies to counter emerging cyber threats. The imperative is to insource Security Operations for the critical parts of the solution to reduce reliance on external partners in order to enhance security and safety, making growth crucial in achieving these objectives. The primary focus of the Senior SOC Analyst includes three key priorities: Blue Teaming - Triage Queue: The analyst will actively engage in blue teaming activities, particularly in managing and prioritizing the triage queue. This involves the assessment and categorization of security incidents for effective response. Threat Hunting: Conducting proactive threat hunting activities to identify potential security threats and vulnerabilities before they manifest into incidents. This involves exploring systems and networks to detect hidden threats. Detection and Monitoring of Current Systems: The Senior SOC Analyst will play a crucial role in the ongoing detection and monitoring of existing systems. This includes continuous surveillance to identify and respond to any suspicious or malicious activities in real-time and define new use cases for monitoring and detection. Other tasks will be: Vulnerability management: The Senior SOC Analyst will provide support for complex exploitation and defense techniques, incident response and remediation; conduct comprehensive system monitoring; identify vulnerabilities; offer support and expertise in designing secure solutions and protection strategies, as well as audits of information security infrastructure. Technical support: Technical support for continuous monitoring and system operations, particularly in target identification and profiling, will be a key responsibility. The Senior SOC Analyst will also provide technical support for forensic services, including evidence seizure. Researching current trends: Furthermore, the Senior SOC Analyst will conduct research and stay adept in open-source and commercial computing resources for exploitation, attack techniques, procedures, and trends. Profile Background and experience A bachelor's degree or equivalent experience. At least 5 years of relevant experience. A strong background in blue teaming and defensive cybersecurity operations is essential. Experience in incident response is the most important aspect. Experience in SOC engineering, specifically with setting up new tools and integrations, and project ownership. Familiarity with vulnerability management is required. Proficiency in Azure or Microsoft family incident response is required. Experience with Splunk is highly valued. Understanding of different EDR systems (endpoint, Office365, cloud) is important, including how to read logs from these technologies. A basic understanding of what to look for regarding malware is part of the blue team scope. Experience with frameworks like NIST and MITRE ATT&CK is required. Nice-to-have experience and skills: Experience with scripting, particularly Python. Familiarity with Palo Alto SOAR (XSOAR). Knowledge of MISP. Experience in pen testing. Capable of some competence in thread hunting, especially proactive hunting (100% cloud, Azure technology would be the best, but all cloud is good). Threat intelligence processing. Identity and access management is good to have. Certifications such as the 508 (incident response part) or MAD20 are good-to-have but not mandatory. Competences You take ownership of your tasks, reach out to your colleagues and can act as a go-to-person You have an open and flexible mindset; you are able to easily adapt to changing contexts You are able to think strategically and maintain a helicopter view You are curious You are eager to continually acquire new knowledge (as Itsme heavily invests in training and certifications) Languages You are fluent in English. Dutch and/or French are a plus. Offer Autonomously make decisions during incident responses. This role requires individuals who can confidently navigate and react to potentially hazardous situations without supervision. Itsme provides a platform for progression from blue teaming to purple and red teaming. The emphasis is on rapid technical learning and extensive training opportunities. The company encourages substantial horizontal growth, allowing individuals to diversify their skills and responsibilities. A fun, enthusiastic and ambitious team in a fast-moving scale-up environment with offices in Brussels, combined with flexibility in terms of remote working A fixed contract, with an attractive compensation package Be a part of their national and international growth Amon is the exclusive recruitment partner for this position. If interested, please do not hesitate to contact Micha Van De Vijver, mvd@amon.be