Digital forensics and incident response analyst

Digital forensics and incident response analyst

Our Digital Forensics and Incident Response (DFIR) Team has the responsibility for investigating potential cyber incidents affecting the EU institutions, bodies and agencies – our constituents. This includes identification of the threats, in-depth investigation of the incidents, as well as coordination and documentation.

We are currently looking for a DFIR Analyst to join the team in order to:

• Work with other DFIR experts, each one predominantly focused on the specific security domain for which they are most competent, but all closely cooperating as a team, coordinated by the DFIR Team Leader, who reports to the Head of Sector.
• Analyse logs, perform forensics analysis of disk and memory images and draft incident reports
• Seek to improve tools and processes aiming at increasing the efficiency and performance of the team
• Develop their skills as well as learn new ones through a comprehensive training programme involving both internal and external trainings.

Who we look for

The selected candidate should have extensive experience in IT security and must possess knowledge in the following areas:

• Knowledge of Windows, Linux, and macOS operating systems
• Log management and analysis tools
• Tools for packet capture and analysis such as Wireshark or tcpdump
• Web security including understanding of the underlying protocols
• Static artefact analysis including debugging, code de-obfuscation, and reverse engineering basics
• Memory forensics tools such as Volatility
• Disk forensics tools, such as EnCase, FTK, the SleuthKit, RegRipper, etc.
• Experience with Splunk, MS Defender 365, MS Sentinel
• Use of incident management tools.

The selected candidate should also demonstrate the following skills:

• A high level of customer orientation
• Strong analytical and problem solving skills, including the ability to deal with a large amount of information in a limited time
• Ability to establish and maintain effective working relations with coworkers in an international and multi-disciplinary work environment
• A high degree of commitment and flexibility
• Excellent communication skills in English, both orally and in writing
• A focus on constant learning and improvement of technical and personal skills
• Experience with a vast array of IT technologies and the ability to quickly master new ones.

What would make you stand out

The ideal candidate will possess some, or all, of the following:

• Work experience in a complex public sector environment
• Experience in delivering trainings and public presentations.

The candidate must hold a security clearance at EU SECRET level or be in a position to be security cleared.

What we offer

• A friendly and multicultural workplace
• A stimulating and unique environment where personal development, growth and initiative areencouraged
• Continuous learning opportunities
• Working with a supportive and dynamic team with a deep sense of mission
• Flexible scheduling with the possibility to work from home on a part-time basis

Consult theJobs at the European Commission pagefor more information on the working conditions. Please note that the position is based in Brussels, Belgium . Full remote work is not possible at thistime.

Are you eligible

To apply, you have to:

• Be a national of one of the Member States of the European Union
• Be able to provide a certificate of good conduct
• Have fulfilled any legal obligations related to military service
• Be able to produce evidence of thorough knowledge of one of the official EU languages (levelC1)and satisfactory knowledge of a second official EU language (level B2).

Additionally, to be recruited as a contract agent, you must have:

• For function groups II and III:
  • a level of post-secondary education attested by a diploma, or
  • a level of secondary education attested by a diploma giving access to post-secondaryeducation, and appropriate professional experience of at least three years, or
  • professional training or professional experience of an equivalent level, wherejustified in the interest of the service.
• a level of education which corresponds to completed university studies of at leastthree years attested by a diploma, or
• professional training of an equivalent level, where justified in the interest ofthe service.

If so, then apply!

• Send an email [email protected] with your CV (and a motivation letter if possible). Please provide the titleof the position you are applying for in the subject of your email.
• If your skill-set matches the requirements, we will contact you for an informal interview tointroduce you to CERT-EU, get to know you better and answer questions you might have
• If the informal interview goes well, you will need totake a CAST test .Worry not, our wonderful secretariat will supply all the necessary information
• Once you succeed in the CAST test, we will then invite you for a formal interview in view ofa possible recruitment.