CSIRT Technical Team Lead

Belgium · Brussels · Lead


We are seeking an experienced Technical Team Lead for our CSIRT team. This position represents a consultancy mission at a client site through Keystone Solutions, where you will lead a growing team of security engineers, coordinate incident response, and develop technical detection and mitigation strategies. You will be responsible for triage, forensic investigation, root-cause analysis, and improving playbooks and automation. Additionally, you will be co-responsible for the security of our systems by designing and implementing adequate monitoring controls.


Responsibilities

  • Design, implement, and maintain a CSIRT infrastructure, including SIEM, SOAR, CTI environment, etc.
  • Automate and script tasks using Python.
  • Set up and utilize open-source tooling.
  • Lead the CSIRT team in planning, prioritization, and ensuring sufficient knowledge within the team.
  • Report on the performance of the CSIRT team, including providing sufficient KPIs.
  • Analyze logs and support incident investigations, including reporting.
  • Draft and maintain technical documentation.
  • Collaborate with team members and stakeholders; support in escalations and change activities.
  • Track and analyze vulnerabilities.
  • Follow up and analyze CTI.

Requirements

  • At least 7 years of experience in a similar role, with in-depth knowledge of encryption, security operations, compliance, vulnerability management, mobile applications, bug bounty programs, blue team expertise, incident response, and forensic capabilities.
  • Proven knowledge and experience in highly regulated environments regarding security and compliance.
  • In-depth knowledge of implementing and managing security operations tools and SIEM systems, particularly Splunk Enterprise Security.
  • Experience securing mobile applications on iOS and Android platforms.
  • Experience tracking the latest vulnerabilities and assessing their impact.
  • Proven experience with incident response procedures, forensic techniques, and malware analysis.
  • Knowledge of relevant regulations and standards in information security.
  • Good knowledge of Enterprise Linux and one or more scripting languages (Python, PowerShell, ...).
  • Excellent problem-solving skills and strong analytical abilities.
  • Good communication skills and the ability to effectively communicate with stakeholders at all levels.
  • A passion for continuous learning and improvement, and the willingness to stay updated on the latest developments in the field.
  • Willingness to work full-time on-site in Brussels (easily accessible by public transport and free underground parking).
  • Languages: Dutch and/or French and English (fluent in spoken and written).
  • Possession of Belgian nationality and a valid security clearance (National, NATO & EU) of at least level SECRET.

  • Certifications such as OSCP, GCIH, GCIA, GNFA, CISSP, CISM.
  • Knowledge of security frameworks and best practices (MITRE ATT&CK, NIST, ...).
  • Experience with change management and ITIL processes.

  • Dutch or French - Level: Active knowledge
  • English - Level: Active knowledge

  • Problem-solving and analytical skills.
  • Practical and hands-on approach.
  • Strong communicator and team-oriented.
  • Meticulous in documentation and configuration management.

If you are ready to tackle technical and strategic challenges in a dynamic consultancy environment, apply today at Keystone Solutions Career Portal.


  • Monitoring SLA / KPI - Level: Expert - Most recent: Any time
  • Open Source - Level: Expert - Most recent: Any time
  • Python - Level: Expert - Most recent: Any time
  • SIEM - Level: Expert - Most recent: Any time

Location & Eligibility

Where is the job: Brussels, Belgium (on-site at the office)
Who can apply: BE

Listing Details

First seen: June 18, 2026
Last seen: June 18, 2026
