What we propose
Our Digital Forensics and Incident Response (DFIR) Team has the responsibility for monitoring available information sources for indications of compromise of the EU institutions, bodies and agencies, our constituents. Analysts in the team triage the incoming information, and, if necessary, investigate incidents and coordinate the full response process.
We are currently looking for a DFIR Analyst to join the team in order to:
- Work with other DFIR experts, each one predominantly focused on the specific security domain for which they are most competent, but all closely cooperating as a team, coordinated by the DFIR Team Leader, who reports to the Head of CERT-EU
- Monitor security alerts and triage them
- Analyse logs, perform forensics analysis of disk and memory images and draft incident reports
- Seek to improve tools and processes aiming at increasing the efficiency and performance of the team
- Develop their skills as well as learn new ones through a comprehensive training programme involving both internal and external trainings.
Who we look for
The selected candidate should have experience in IT security and must possess knowledge in the following areas:
- Vulnerability assessments and penetration testing
- Knowledge of Windows, Linux, and macOS operating systems
- Log management and analysis tools
- Tools for packet capture and analysis such as Wireshark or tcpdump
- Web security including understanding of the underlying protocols
- Static artefact analysis including debugging, code de-obfuscation, and reverse engineering basics
- Using and configuring sandboxes such as Cuckoo, FireEye, etc.
- Memory forensics tools such as Volatility
- Disk forensics tools, such as EnCase, FTK, the SleuthKit, RegRipper, etc.
- Cyber-threat intelligence sharing, using MISP in particular
- Use of incident management tools.
The selected candidate should also demonstrate the following skills:
- A high level of customer orientation
- Strong analytical and problem solving skills, including the ability to deal with a large amount of information in a limited time
- Ability to establish and maintain effective working relations with coworkers in an international and multi-disciplinary work environment
- A high degree of commitment and flexibility
- Excellent communication skills in English, both orally and in writing
- A focus on constant learning and improvement of technical and personal skills
- Experience with a vast array of IT technologies and the ability to quickly master new ones.
What would make you stand out
The ideal candidate will possess some, or all, of the following:
- Work experience in a complex public sector environment
- Experience with Splunk
- General security certifications (e.g. CISSP)
- Certification in a Project Management methodology (e.g. PMI, Prince2) and/or in service management (e.g. ITIL)
- Experience in delivering trainings and public presentations.
The candidate must hold a security clearance at EU SECRET level or be in a position to be security cleared.
What we offer
- A friendly and multicultural workplace
- A stimulating and unique environment where personal development, growth and initiative are encouraged
- Continuous learning opportunities
- Working with a supportive and dynamic team with a deep sense of mission
- Flexible scheduling with the possibility to work from home on a part-time basis
- An attractive salary.
Consult the Jobs at the European Commission page for more information on the working conditions. Please note that the position is based in Brussels, Belgium. Full remote work is not possible at this time.
Are you eligible
To apply, you have to:
- Be a national of one of the Member States of the European Union
- Be able to provide a certificate of good conduct
- Have fulfilled any legal obligations related to military service
- Be able to produce evidence of thorough knowledge of one of the official EU languages (level C1) and satisfactory knowledge of a second official EU language (level B2).
Additionally, to be recruited as a contract agent, you must have:
For function groups II and III:
- a level of post-secondary education attested by a diploma, or
- a level of secondary education attested by a diploma giving access to post-secondary education, and appropriate professional experience of at least three years, or
- professional training or professional experience of an equivalent level, where justified in the interest of the service.
For function group IV:
- a level of education which corresponds to completed university studies of at least three years attested by a diploma, or
- professional training of an equivalent level, where justified in the interest of the service.
If so, then apply!
- Send an email to firstname.lastname@example.org with your CV (and a motivation letter if possible). Please provide the title of the position you are applying for in the subject of your email.
- If your skill-set matches the requirements, we will contact you for an informal interview to introduce you to CERT-EU, get to know you better and answer questions you might have
- If the informal interview goes well, you will need to take a CAST test. Worry not, our wonderful secretariat will supply all the necessary information
- Once you succeed in the CAST test, we will then invite you for a formal interview in view of a possible recruitment.