Requirements: English
Company: Next Ventures
Region: brussels region, belgium , Brussels
Job Title: CSIRT Level 3 Specialist
Location: Benelux
Work Setting: Hybrid (Office-based with remote flexibility)
About the Team
Our Cybersecurity Incident Response Team (CSIRT) supports organizations across Belgium and Luxembourg by proactively managing and responding to cybersecurity threats. With extensive experience in incident handling and digital forensics, the team manages a broad range of cases each yearfrom malware outbreaks and ransomware attacks to advanced persistent threat (APT) investigations. Our focus is on balancing hands-on incident response with continuous research and improvement to ensure lasting resilience and team engagement.
Role Overview
As a Level 3 Incident Handler & Digital Forensic Investigator, you will play a critical role in managing complex cybersecurity incidents. Youll lead forensic investigations, identify attacker behavior, provide guidance on mitigation strategies, and contribute to the development of detection capabilities and tools. The position combines technical expertise, client communication, and innovation.
Key Responsibilities
Advanced Incident Handling & Forensics
- Lead investigations into advanced cybersecurity incidents such as targeted attacks, data breaches, and ransomware infections
- Perform deep-dive host and network forensics using tools like Volatility, Log2Timeline, Wireshark, and Snort
- Analyze event logs, endpoint data, and network traffic to determine root cause and impact
- Define and execute containment and remediation strategies in collaboration with client teams
Threat Analysis & Detection Engineering
- Identify attacker TTPs (tactics, techniques, and procedures) to enhance threat detection and intelligence
- Create and refine detection use cases for integration into Security Operations Center (SOC) monitoring systems
- Participate in purple teaming efforts to validate and improve detection and response processes
Tool Development & Automation
- Develop internal tools to support forensic analysis and automate response workflows
- Contribute to scripts and utilities to increase the speed and efficiency of investigations
Client Advisory & Collaboration
- Act as a trusted advisor during critical incidents, guiding stakeholders through containment and recovery
- Deliver post-incident reports and recommend improvements in security posture
- Provide training and knowledge sharing sessions for client technical teams
Ongoing Development & Research
- Stay current with emerging threats, attack techniques, and cybersecurity technologies
- Contribute to internal documentation, playbooks, and best practices
- Support R&D initiatives to evolve CSIRT capabilities
Qualifications
Required
- Strong hands-on experience in incident response and digital forensics
- Deep knowledge of Windows and Unix/Linux operating systems
- Experience analyzing security logs, memory dumps, and network traffic
- Proficiency with forensic tools and frameworks (Volatility, Wireshark, Log2Timeline, Snort)
- Strong scripting skills, especially in Python 3
- Solid understanding of threat intelligence and attacker methodologies
- Excellent problem-solving skills and ability to manage high-pressure situations
- Effective communication skills and ability to deliver technical findings clearly
- Fluency in English (B2 or above)
Preferred
- Relevant certifications such as GCIH, GREM, GCFA, GNFA, or similar
- Knowledge of OT/SCADA environments, macOS systems, or cloud platforms
- Programming experience in languages like C, C++, Assembly, or .NET
- Fluency in Dutch or French is a plus
for more information and to apply contact me at jude.russell@next-ventures.com