Detection Consultant

Key Responsibilities

• Schedule and host threat workshops utilizing industry-approved methodologies such as DREAD or STRIDE.
• Correlate log events in SIEM solutions with activities which have taken place in the (business) application or technology.
• Query data ingested into customer SIEM environments to assess the practical feasibility of newly proposed detections. 
• Prepare pseudo-logic and work packages for detection engineers who write detections-as-code within the NCC detection repository. 
• Derive new generic detection opportunities from Threat Intelligence reports to further expand NCC’s detection library.   
• Identify potential abuse patterns in customer applications.
• Query large datasets of data in SIEMs (Sentinel & Splunk). 
• Explain (potential) attack paths to customers. 
• Write pseudo-logic for the development of new detections. 
• Track the status of detections under development and share status updates with the customer.
• Obtain feedback from customers on exceptions and allowed behavior during the testing phase of the development of new analytics. 
• Ensure work is up-to-date and tracked in (internal) ticketing system(s).

Skills, Knowledge & Expertise

•  Experience in detection engineering on a range of technologies (SIEM and EDR)
• OR 
• Experience in SOC or Managed Detection Services
• OR 
• Experience in Analytically-minded IT Systems administration/Network Administration and looking for a change in career/focus on Security
• Excellent oral and written communication skills.
• Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver.
• Good understanding of IT Systems and platforms from a security context.

• A security mindset and demonstrable experience or knowledge of contemporary attack tactics and techniques.
• Forensics or Incident Response competency would be considered valuable.
• Strong knowledge of the latest threats in security.
• The skills to translate technical attacks to effects in the business (and vice versa).
• Experience in simulating attacks is considered an advantageous skill to enhance other skills
• Experience with SIEM tools, preferably Splunk and Microsoft Sentinel.

• Azure or other cloud technologies,
• Windows Active Directory,
• Windows Operating System fundamentals,
• Networking fundamentals.
• System management technologies
• Identity and access management procedures and technologies

Job Benefits

• A good salary that matches the things you have already done and will do;  
• Flexible working hours and flexibility in working from home or at the office, allowing you to optimally combine your private life with your work;  
• A favorable pension scheme, 26 vacation days (+4 mandatory days off), and 8% holiday pay with a full-time contract;  
• Plenty of development opportunities: you can gain and share knowledge through training, TechTalks, events, and our own Fox Academy;  
• A laptop and business phone. If you use your own phone, you will receive a reimbursement of up to €25 per month;  
• A remote work allowance (for hybrid working);  
• A performance bonus and profit sharing because we value your effort;  
• When we work in the office, we gather every day for a delicious lunch.