Senior SOC Detection Engineer & L3 Incident Responder (Employed or freelance)
Description
Please note: the text of this vacancy is not automatically translated and may be written in another language.
Position Overview
This role combines advanced incident response, proactive threat hunting and detection engineering within a high-security SOC environment in the financial sector. The focus is on handling complex cyber incidents, supporting escalations, and continuously improving detection and response capabilities.
📋 Tasks and responsibilities
- Lead investigations and resolution of complex, high-severity cybersecurity incidents.
- Support L1 and L2 analysts during escalations and provide expert technical guidance.
- Perform advanced forensic investigations and root cause analysis.
- Coordinate containment, eradication and recovery actions together with IT and security teams.
- Carry out proactive threat hunting based on threat intelligence, behavioural analysis and attacker TTPs aligned with MITRE ATT&CK.
- Investigate malware, phishing activity, suspicious behaviour and advanced attack techniques.
- Design, build, test and maintain detection use cases, correlation rules and alerting logic across SIEM, EDR and XDR platforms.
- Improve existing detections to reduce false positives and increase overall detection quality.
- Translate threat intelligence into actionable detection content and response improvements.
- Validate detection effectiveness through simulation, adversary emulation and purple team exercises.
- Identify gaps in monitoring, detection and incident response processes, and help improve playbooks, procedures and automation.
- Contribute to SOC reporting, metrics and maturity initiatives.
- Mentor less experienced analysts and support knowledge sharing across the SOC function.
📝 Your profile
Experience as: Senior IT Security Analyst / L3 SOC Analyst
Essential skills and expertise
- Proven experience as an L3 Incident Responder in a SOC or comparable cybersecurity environment.
- Strong expertise in detection use case development and continuous improvement.
- Hands-on experience with malware analysis, vulnerability management and advanced incident investigation.
- Very good knowledge of Microsoft Defender XDR, Microsoft Sentinel, Splunk and writing KQL queries.
- Ability to work autonomously while collaborating effectively with technical and security stakeholders.
- Strong communication skills, a conscientious approach, a proactive mindset and a strong sense of responsibility.
Additional technical knowledge
- Experience with Microsoft Azure environments.
- Good working knowledge of Windows Server 2016 and later, Red Hat Linux and iOS-related security topics.
- Familiarity with ServiceNow, Stamus and purple teaming is a plus.
Languages
- Dutch or French
- English
Important note
A security screening is required for candidates selected for this position due to the sensitive nature of the environment.
💼 Offer
You will be part of a growing Belgian SME where initiative and personal development are encouraged. We will provide you with an enjoyable work environment with fun colleagues. We will work out a career plan with you, with attention and a budget for extra education/certification. You can count on an attractive salary, supplemented with extra-legal benefits, including a company car.
(Freelance is also possible)