(Senior) Analyst, Cyber Security Monitoring and Incident Response

Requisition Number:  10467
Contract Type:  Permanent

Betzdorf, LU


The jobholder is responsible for monitoring and analysing security events from multiple sources and for autonomously managing security incidents to ensure a coordinated, timely and effective response to security incidents. The jobholder ensures SES security incident response readiness and drives the definition, implementation and continuous improvement of SES’s security incident response framework.

The incumbent operates and continuously improves the vulnerability management process across SES and supports key security management processes by collecting, creating and disseminating threat intelligence within the organization as well as to partner organizations.


Extended Job Description:

Job Description



Security Monitoring

  • Monitor, analyse, and document security events to identify security incidents (using SIEM and other sources)
  • Maintain an effective log parsing and detection rule base by performing regular rule reviews to improve the false-negative and false-positive rates
  • Ensure the technical infrastructure supporting security monitoring and incident response is healthy and continuously improved
  • Improve detection capabilities by defining new use-cases, implementing corresponding rules and ensuring necessary logs are collected by the SIEM
  • Autonomously work with departments across SES to ensure relevant systems and logs are onboarded to the SIEM
  • Define and maintain relevant KPIs to measure the efficiency and effectiveness of security monitoring and to support its continuous improvement


Incident response

  • Manage security incidents autonomously following the established incident response framework to ensure a coordinated, timely and effective response to security incidents.
  • Perform in-depth technical analyses of security threats and incidents, including malware analysis, network and system forensic analyses
  • Record and document security incidents (e.g. analysis results, the timeline of events and incident response activities)
  • Perform lessons-learnt sessions and manage the execution of corresponding action plans
  • Ensure SES security incident response readiness by driving the definition, implementation and continuous improvement of SES’s security incident response framework, including
    • relevant policies, processes and procedures,
    • incident response tools and
    • training of actors in the response process
  • Define and maintain relevant KPIs to measure the efficiency and effectiveness of security incident response and to support its continuous improvement.


Threat Intelligence

  • Collect and analyse security information from different information resources to identify relevant threats and vulnerabilities in order to improve security monitoring and incident response
  • Create SES-specific threat intelligence from various data sources, such as managed security incidents, quarantined malware, etc.
  • Disseminate synthesised intelligence information within the organization as well as to external organizations, such as CERTs, ISACs or partner organizations.


Vulnerability Management

  • Ensure the execution of effective vulnerability scans and work with system owners to mitigate potentially negative side effects
  • Manage the vulnerability management process to identify and prioritise vulnerabilities in SES’ systems, applications and services and communicate these to system owners
  • Follow up and cooperate with system owners to establish mitigation plans for discovered vulnerabilities and to monitor their implementation and effectiveness
  • Identify and disseminate information on critical vulnerabilities within the organization and propose mitigation plans


Other tasks

  • Automate resource-intensive security monitoring, incident response, threat intelligence and vulnerability management tasks using the SOAR platform or other automation tools
  • Create and maintain policies, processes and procedures for all cyber security monitoring functions.
  • Maintain and tune the infrastructure and tools of the cyber security operations function (including but not limited to SIEM platform regarding log sources onboarding, log parsing, rules/alerts/reports definition, SOAR platform, sandboxes, EDR tools, forensics workstations)
  • Provide synthesised intelligence, including statistics and KPIs from cyber security operations processes, to support key security management processes
  • Continuously improve SES’s information security posture by contributing to the definition and implementation of the information security framework.
  • On-call duty as required



  • Very good analytical and problem-solving skills
  • Autonomous with strong self-management skills
  • Good coordination and project management skills
  • Innovative mind
  • Stress resistant and able to manage multiple incidents and tasks at the same time
  • Good written and verbal communication skills
  • Excellent team player
  • Ability to effectively interact with all organization stakeholders



  • Minimum bachelor’s degree in computer science and minimum of 3 years’ industry related experience in computer security and incident response
  • Good experience in security monitoring (SIEM) including analysing and triaging of security events from various sources 
  • Experience in managing security incidents
  • Knowledge of and hands-on experience with state-of-the-art incident response and forensics tools, techniques and tactics
  • Experienced in capturing memory, disk images and network traffic and analysing them for indicators of compromise
  • Good programming and scripting skills in different programming/scripting languages would be an advantage
  • Good understanding of the tools and tactics used by different threat agents
  • Knowledge of computer forensics, security vulnerabilities and exploits
  • Knowledge in system security, application security and network security 
  • Knowledge of security technologies, such as Antivirus, Network and Host Intrusion Detection Systems, Web Proxy/Content Filtering, Authentication technologies, Security Information and Event Management
  • Experience with a top tier SIEM solution (e.g., HP Arcsight, IBM QRadar, Splunk for Security, EMC/RSA Security Analytics) is a plus
  • Relevant security certifications (e.g., GCIH, GCFE, GCFA, GREM, GCIA) and product certifications are a plus
  • Experience in malware analysis and reverse engineering would be an advantage
  • Fluency in English; any other language is considered an asset
  • Willingness to travel internationally



  • NATO/EU SECRET clearances are considered a strong asset. The candidate must be willing to undergo a security clearance procedure, as this position might require holding a security clearance