Job Description

Detection Consultant

Department: Cyber Services and Capabilities

Employment Type: Fixed Term Contract

Location: NLD Rijswijk

Key Responsibilities

• Schedule and host threat workshops utilizing industry-approved methodologies such as DREAD or STRIDE
• Correlate log events in SIEM solutions with activities which have taken place in the (business) application or technology
• Query data ingested into customer SIEM environments to assess the practical feasibility of newly proposed detections.
• Prepare pseudo-logic and work packages for detection engineers who write detections-as-code within the NCC detection repository.
• Derive new generic detection opportunities from Threat Intelligence reports to further expand NCC’s detection library.
• Identify potential abuse patterns in customer applications.
• Query large datasets of data in SIEMs (Sentinel & Splunk).
• Explain (potential) attack paths to customers.
• Write pseudo-logic for the development of new detections.
• Track the status of detections under development and share status updates with the customer.
• Obtain feedback from customers on exceptions and allowed behavior during the testing phase of the development of new analytics.
• Ensure work is up-to-date and tracked in (internal) ticketing system(s).

Skills, Knowledge & Expertise

• Experience in detection engineering on a range of technologies (SIEM and EDR) OR experience in SOC or Managed Detection Services OR experience in Analytically-minded IT Systems administration/Network Administration and looking for a change in career/focus on Security
• Excellent oral and written communication skills.
• Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver.
• Good understanding of IT Systems and platforms from a security context.

• A security mindset and demonstrable experience or knowledge of contemporary attack tactics and techniques.
• Forensics or Incident Response competency would be considered valuable.
• Strong knowledge of the latest threats in security.
• The skills to translate technical attacks to effects in the business (and vice versa).
• Experience in simulating attacks is considered an advantageous skill to enhance other skills.
• Experience with SIEM tools, preferably Splunk and Microsoft Sentinel.

• Azure or other cloud technologies,
• Windows Active Directory,
• Windows Operating System fundamentals,
• Networking fundamentals.
• System management technologies
• Identity and access management procedures and technologies

Job Benefits

• A good salary that matches the things you have already done and will do;
• Flexible working hours and flexibility in working from home or at the office, allowing you to optimally combine your private life with your work;
• A favorable pension scheme, 26 vacation days (+4 mandatory days off), and 8% holiday pay with a full-time contract;
• Plenty of development opportunities: you can gain and share knowledge through training, TechTalks, events, and our own Fox Academy;
• A laptop and business phone. If you use your own phone, you will receive a reimbursement of up to €25 per month;
• A remote work allowance (for hybrid working);
• A performance bonus and profit sharing because we value your effort;
• When we work in the office, we gather every day for a delicious lunch.