On behalf of ESA, (the European Space Agency) Leonardo Belgium (LBe) is looking for multiple SOC professionals to carry out the constitution of a team that will have the unique and exciting opportunity to operate ESA’s new Security Operations Centre (SOC) and contribute to the development of the organization's cyber resilience.
We are looking for professionals willing to commute or relocate to one of the two possible working locations. Work can be carried out from the ESEC in Redu, Belgium, or from the ESOC in Darmstadt, Germany. Full-time presence on-site is required, with a standard daytime Monday to Friday schedule. The following profiles are needed :
-
SOC Analyst L1
-
SOC Analyst L2
-
SOC Analyst L3
-
SOC Manager
More info on ESA new C-SOC project : https://www.esa.int/Space_Safety/New_cyber-security_centre_will_safeguard_ESA_assets_and_missions2
Job description
The main objective of the SOC team is:
-
Security monitoring, in-depth incident analysis, and crisis management support
-
Customer relations, including providing recommendations, continuous service improvement, and incident remediation support
-
Continuous improvements, including the development of process/procedure manuals and participation in the improvement plan for service efficiency and detection rules
The Level 1 SOC Analyst actively monitors security threats and risks involving customers’ infrastructure.
His main responsibilities include:
-
Continuous monitoring of the customers' infrastructure to identify security incident
-
Triaging security alerts
-
Collecting data and context necessary to initiate Level 2 escalation
-
Responding on security incidents
-
Monitoring health of customer security sensors and SIEM infrastructure
-
Delivering scheduled and ad-hoc reports
-
Working closely with L2 and L3 Analysts towards the continuous improvement of the service
The Level 2 SOC Analyst’s goal is to ensure that the SOC team is performing its functions as required and to trouble shoot problematic incidents and events escalated by the L1 Analyst. The L2 Analyst also acts as the technical SME and reports to the L3 Analyst.
His main responsibilities include:
-
Conducting in-depth analysis of security incidents to identify the full kill chain
-
Executing risk hunting activities and conducting threat hunting exercises
-
Undertaking forensic investigations and performing evaluations for L1 and L2 analysts
-
Tracking incident detection and closure, and validating security incidents
-
Generating new use cases for emerging threats and reviewing vulnerability assessment reports with clients
-
Acting as a subject matter expert and expert witness when required
The Level 3 SOC Analyst, also known as the Threat Hunter, is responsible for supporting L2 analysts in responding to complex security issues and proactively looking for threats that may have evaded the organization's defenses.
His main responsibilities include:
-
Supporting L2 analyst responses to complex security issues
-
Proactive hunting for threats that may have bypassed the organization's defenses
-
Discovering and relaying information about new vulnerabilities and emerging cybersecurity trends to the organization
-
Implementing changes in cybersecurity policy based on the information discovered
-
Leading the investigation and response to the most severe security incidents
-
Providing guidance and mentorship to juniors Analysts
-
Developing and refining the organization’s threat intelligence strategy
The SOC Manager is responsible for overseeing the security operations team, providing technical guidance, and managing the team effectively. He plays a crucial role in ensuring the smooth functioning of the security operations team and the overall security posture of the organization.
His main responsibilities include:
-
Supervising the security operations team
-
Providing technical guidance and support
-
Managing the team, including mentoring, and evaluating team members
-
Creating and implementing processes
-
Assessing incident reports
-
Developing and implementing necessary crisis communication plans
Profile
Here are the requirements for each job opening :
Level 1 SOC Analyst:
-
Education: Master’s degree in STEM studies, Computer Science, Cybersecurity, Information Technology, a related field, or Bachelor with equivalent experience
-
Certifications: Entry-level security certifications such as CompTIA Security+, Cisco Certified CyberOps Associate, or equivalent, is desirable but not mandatory
-
Soft skills: Strong skills in regards to teamwork and collaboration, analysis and synthesis, communication, multitasking, and resourcefulness
-
Technical skills: Basic proficiency in shell scripting, log analysis, network protocols, security tools (SIEM, EDR, …), and server OS, mainly Linux and Windows
-
Languages: English CEFR level B2 minimum, both written and spoken
-
Other requirement: Eligible to undergo security clearance procedure (EU citizenship needed)
Level 2 SOC Analyst:
-
Experience Level: Min 4 years in a SOC or cybersecurity role
-
Education: Master’s degree in STEM studies, Computer Science, Cybersecurity, Information Technology, a related field, or Bachelor with equivalent experience
-
Certifications: Security certifications such as Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), or equivalent, is desirable but not mandatory
-
Soft skills: Strong skills in regards to teamwork and collaboration, analysis and synthesis, communication, and multitasking.
-
Technical Skills: Advanced proficiency in security tools (SIEM, EDR, …), mitigation strategies, forensic investigations, and security incident handling
-
Languages: English CEFR level B2 minimum, both written and spoken
-
Other requirement: Eligible to undergo the ESA and EU secret security clearance procedure (EU citizenship needed)
Level 3 SOC Analyst:
-
Experience Level: Min 5 years in a SOC or cybersecurity role
-
Education: Master’s degree in STEM studies, Computer Science, Cybersecurity, Information Technology, a related field, or Bachelor with equivalent experience
-
Certifications: Advanced security certifications such as Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), or equivalent
-
Soft skills: Strong skills in regards to teamwork and collaboration, analysis and synthesis, communication, multitasking, resourcefulness, and leadership
-
Technical skills: In-depth expertise in threat intelligence, root cause analysis, incident response, malware analysis, and proactive threat hunting capabilities. Familiarity with cybersecurity frameworks such as MITRE ATT&CK is a big plus.
-
Languages: English CEFR level B2 minimum, both written and spoken
-
Other requirement: Eligible to undergo security clearance procedure (EU citizenship needed)
SOC Manager:
-
Experience Level: Min 10 years years in cybersecurity, with min 3 years in a management or leadership role
-
Education: Master’s degree in STEM studies, Computer Science, Cybersecurity, Information Technology, a related field, or Bachelor with equivalent experience
-
Soft skills: Strong skills in regards to teamwork, communication, analysis and synthesis, communication, multitasking, leadership, and resourcefulness
-
Certifications: Leadership and management certifications such as Certified Information Security Manager (CISM), Project Management Professional (PMP)
-
Technical skills: In-depth skills in incident response, security tools, strategic planning, crisis management, and SOC management
-
Languages: English CEFR level B2 minimum, both written and spoken
-
Other requirement: Eligible to undergo security clearance procedure (EU citizenship needed)
What do we have to offer?
-
A unique opportunity to join the cutting-edge space sector and to work for the internationally renowned company Leonardo, the Italian leader in Cyber Security
-
The chance to boost your career, and receive trainings to speed up your personal development
-
A competitive salary based on experience, skills and industry requirements