RHEA Group is an international leading Space and Security engineering organisation providing engineering services and customised technology solutions enabling the design, operation and utilisation of space systems and other critical infrastructure. We attract skilled engineers, scientists and management professionals worldwide; and offer a range of exciting career paths within our organisation and working alongside clients such as the UK Space Agency, the European Space Agency, the European GNSS Agency, NATO, the European Commission, EUMETSAT, etc.
Are you looking for a new opportunity in a fast-moving global company with a family feel? A job where you could have an impact?
We are looking for Senior SOC Analysts to support RHEA’s growth in Cybersecurity Operational activities.
The SOC Analyst is an operational role, focusing on real time security event monitoring and security incident investigation. You will have the opportunity to provide expert support to RHEA Group’s new European Cybersecurity Centre of Excellence in Transinne, Belgium.
About the team and location
In the Security Operations Centre Level 2 (SOC L2) team, we continuously monitor our customers environment for potentially malicious activity which could be an indication of a security incident. We analyse security alerts, assess threat impact and coordinate containment, mitigation, and eradication strategies by investing in our people.
RHEA Group and partner IDELUX are creating a European Cybersecurity Centre of Excellence in Transinne, Belgium, to support and strengthen European organizations across all sectors, including defence, against the perpetual threat of attacks, and to act as a centre of excellence to ensure digital trust at all times.
This new centre will provide a unique cybersecurity ecosystem and pool of expertise in the heart of Europe to effectively address any preventive and corrective concerns and needs that European organizations may have when it comes to securing their operations, IT systems and data.
Tasks and Activities
The scope of work will include:
- Continuously monitoring the customers’ infrastructure to identify security incidents using the SIEM and SOAR tools.
- Triaging security alerts.
- Using the ticketing system to log and trace the incident handling process.
- Collecting data and context necessary to initiate escalation.
- Following the incident handling process for any security alerts using operational procedures which cover security alert monitoring, incident categorization and triage, incident response strategy and definition of recovery strategies.
- Monitoring the health of customer security sensors and SIEM infrastructure.
- Delivering scheduled and ad-hoc reports.
- Working closely with Level 2 & CSIRT team towards the continuous improvement of the service.
- Providing onsite support to the EUSPA’s Security Monitoring Centre based close to Paris.
Skills and Experience
The following skills and experience are mandatory:
- A Bachelor’s degree or equivalent related experience, Qualification in Cybersecurity or demonstrated interest in the cybersecurity domain.
- A minimum of three years’ experience in a similar role and in incident handling.
- Experience with Windows and *nix platforms.
- Willing to follow SOC processes and procedures while maintaining the flexibility to “think outside the box”.
- Knowledge of networking protocols (TCP/IP, DNS, HTTP, SSL, PKI, Radius …).
- Strong written and oral communication skills.
- Collaborative and team focused.
- Strong analytical, critical observation skills.
- Ability to prioritize tasks.
- Experience in working a 24/7 shift or on-call.
- Languages: English (read/write/spoken) to B2 or higher with additional knowledge in any other European languages.
- EU National and eligible to obtain a security clearance.
The following skills and experience would be highly desirable:
- GICSP, CISM, CISSP, CEH, COMPTIA or other technical security certification.
- Experience with O365 Security Monitoring.
- Experience with SIEM tools such Qradar/Splunk/Arcsight/Prelude/Elastic/MS Sentinel.
- Experience with Security Orchestration and Response (SOAR) tools.
- Experience with using regular expressions and natural language queries.
- Knowledge of common security frameworks (ISO 27001, COBIT, NIST).
- Knowledge of encryption and cryptography.
- Scripting (automation) and familiarity with Cloud (AWS/Azure).
- EU Secret clearance.
Why should you apply?
- You will have the opportunity to work within a major institution.
- We encourage everyone to think outside the box and to push the boundaries of traditional knowledge. This role is an opportunity to join a forward-thinking company and allows for a deeper understanding of the industry.
- Benefits include: competitive remuneration packages; unique career opportunities, including working in other countries; personalized training and development programmes; flexible relocation support.
We welcome applications from people with disabilities, members of ethnic minorities, all genders, LGBTQ+ individuals and ex-service personnel.