Security Analytics & Response Orchestration

Security Incident Responder

Location: The role will be located in Luxembourg or Belgium.
Salary: Competitive

ENCODE is seeking Security Incident Responders at different seniority levels who will join the team of an Encode client. The role will augment the capabilities of the client's existing communication and information infrastructure by detecting, analysing and responding to cyber-attacks and security incidents. These Security Incident Responders will support a multinational organisation with multiple European locations and a significant and challenging security infrastructure.

The ideal candidate will have at least 2 years of experience in a Security Incident Handler / Responder role and a solid background in operating system and application-level security, anti-virus technologies, network security and vulnerability assessments, with hands-on experience in malware and forensics analysis.

The Security Incident Responder should be competent to work at a high technical level, be a strong team player and be willing to follow applicable processes and procedures while maintaining the flexibility to “think outside the box”.

Main Responsibilities:

  • Assess incoming incident reports and perform efficient triage; acknowledge alerts to and from the reporter
  • Confirm, classify and coordinate the incidents
  • Define and carry out security incident identification measures
  • Oversee the ongoing analysis activities (Forensics or Reverse Engineering) and analyse data in order to build a comprehensive view of the incident
  • Maintain and share incident documentation:
    • Elaborate the map of the attack / incident (e.g. with tools like MS Visio, Maltego, etc.)
    • Build a reliable timeline of the incident
    • Maintain a situation report using a relevant information-sharing tool (e.g. web portal, wiki, etc.)
  • Get involved in the maintenance and the continuous improvement of the standard incident response toolkit
  • Define response strategy (identification, data collection and analysis, containment, eradication, recovery)
  • Perform secure handling, analysis and exchange of cyber security information with relevant stakeholders and trusted partners
  • Contribute to awareness training sessions
  • Provide activity reports to management to demonstrate service SLA and service quality
  • Perform risk, impact and damage assessments

Position Requirements

  • University Degree in Computer Science or Information Technology field
  • A relevant master's degree will be considered an advantage
  • Sound knowledge and experience in the following areas:
    • Operating Systems security, experience working with multiple operating systems
    • Anti-virus technologies
    • Network security
      • Practical understanding of common TCP/IP-based services and protocols (including DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.)
      • Firewall theory, proxies / reverse proxies, IDS/IPS, etc.
      • Full packet capture analysis
    • Application level security: web applications, databases, secure development
    • Vulnerability assessment and handling
    • Hands-on experience in the following:
      • Malware reverse engineering and handling malicious code incidents
      • System (file and memory) and network forensics analysis, with tools such as FTK and EnCase Enterprise
      • Knowledge of development and scripting languages such as Python, C/C++, Java, JavaScript, Perl or Ruby, regular expressions, Linux shell/Bash and Windows PowerShell
  • At least 1 year of experience with the following products/tools:
    • Volatility
    • EnCase Enterprise & EnCase CyberSecurity, or FTK/AD, or Mandiant MIR
    • SIFT Workstation / The Sleuth Kit
  • Strong English written, verbal and communication skills
  • Ability to take ownership of tasks and work as a team member
  • EU citizenship

Certifications Required

  • At least 1 certification among:
    • GPEN (GIAC Certified Penetration Tester)
    • GCED (GIAC Certified Enterprise Defender)
    • GPPA (GIAC Certified Perimeter Protection Analyst)
    • GCFE (GIAC Certified Forensic Examiner)
    • GCFA (GIAC Certified Forensic Analyst)
    • GNFA (GIAC Certified Network Forensic Analyst)
    • CFCE (IACIS Certified Forensic Computer Examiner)
    • CCFP (Certified Cyber Forensics Professional)
    • SCMO (SABSA Certified Security Operations & Service Management Specialist)
    • or an equivalent certification recognized internationally

  • At least 1 certification among:
    • GCIH (GIAC Certified Incident Handler)
    • GCIA (GIAC Certified Intrusion Analyst)
    • ECIH (EC-Council Certified Incident Handler)
    • CSIH (SEI Certified Computer Security Incident Handler)
    • SCPO (SABSA Certified Security Operations & Service Management Practitioner)
    • or an equivalent certification recognized internationally