Address: Rue de la Loi 107, 1000 Brussels, BE Tel: +32 2 295 2100

Digital forensics and incident response incident commander

Contract Agent Function Group IV

COOP - Cooperation
FORCE

What we propose

DIGIT CERT-EU is seeking to hire a truly motivated Digital Forensics and Incident Response (DFIR) Incident Commander with experience in investigating and coordinating potential cyber incidents.

Our Digital Forensics and Incident Response (DFIR) Team has the responsibility for investigating potential cyber incidents affecting the Union entities. This includes identification of the threats, in-depth investigation of the incidents, as well as coordination and documentation.

We are currently looking for an Incident Commander to join the team in order to:

  • Work with other DFIR experts, each one predominantly focused on the specific security domain for which they are most competent, but all closely cooperating as a team, coordinated by the DFIR Team Leader, who reports to the Head of Sector.
  • Lead and coordinate the response to cyber incidents.
  • Seek to improve tools and processes aiming at increasing the efficiency and performance of the team.
  • Develop their skills as well as learn new ones through a comprehensive training programme involving both internal and external trainings.

Who we look for

The selected candidate should have 5 years of extensive experience in IT security and incident response and must possess knowledge in the following areas:

  • Knowledge of Windows, Linux, and macOS operating systems
  • Log management and analysis tools
  • Tools for packet capture and analysis
  • Web security including understanding of the underlying protocols
  • Static artefact analysis including debugging, code de-obfuscation, and reverse engineering basics
  • Scripting experience, particularly using JavaScript, Python, and PowerShell
  • Memory forensics tools such as experience, such as for instance Volatility
  • Disk forensics tools, such as EnCase, FTK, the SleuthKit, RegRipper, etc.
  • Experience with Splunk, MS Defender 365, MS Sentinel
  • Cyber-threat intelligence sharing, using MISP in particular
  • Use of incident management tools.

The selected candidate should also demonstrate the following skills:

  • A high level of customer orientation
  • Proven leadership and decision-making abilities
  • Expertise in IT security and incident response strategies
  • Proficiency in using various forensics tools and methodologies
  • Excellent written and verbal communication skills
  • Strong analytical and problem-solving capabilities
  • Strong organisation and project management skills.

What would make you stand out

The ideal candidate will possess some, or all of the following:

  • Work experience in a complex public sector environment
  • Experience in delivering trainings and public presentations.

The candidate must hold a security clearance at EU SECRET level or be in a position to be security cleared.

What we offer

  • A friendly and multicultural workplace
  • A stimulating and unique environment where personal development, growth and initiative are encouraged
  • Continuous learning opportunities
  • Working with a supportive and dynamic team with a deep sense of mission
  • Flexible scheduling with the possibility to work from home on a part-time basis
  • An attractive salary.

Consult the Jobs at the European Commission page for more information on the working conditions. Please note that the position is based in Brussels, Belgium. Full remote work is not possible at this time.

Are you eligible

To apply, you have to:

  • Be a national of one of the Member States of the European Union
  • Be able to provide a certificate of good conduct
  • Have fulfilled any legal obligations related to military service
  • Be able to produce evidence of thorough knowledge of one of the official EU languages (level C1) and satisfactory knowledge of a second official EU language (level B2).

Additionally, to be recruited as a contract agent, you must have:

  • For function groups II and III:
    • a level of post-secondary education attested by a diploma, or
    • a level of secondary education attested by a diploma giving access to post-secondary education, and appropriate professional experience of at least three years, or
    • professional training or professional experience of an equivalent level, where justified in the interest of the service.
  • For function group IV:
    • a level of education which corresponds to completed university studies of at least three years attested by a diploma, or
    • professional training of an equivalent level, where justified in the interest of the service.

If so, then apply!

  • Send an email to secretariat@cert.europa.eu with your CV (and a motivation letter if possible). Please provide the title of the position you are applying for in the subject of your email.
  • If your skill-set matches the requirements, we will contact you for an informal interview to introduce you to CERT-EU, get to know you better and answer questions you might have
  • If the informal interview goes well, you will need to take a CAST test. Worry not, our wonderful secretariat will supply all the necessary information
  • Once you succeed in the CAST test, we will then invite you for a formal interview in view of a possible recruitment.

We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.