Cyber Incident & Response Team

Division

Cyber Defense Center (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear’s services, its supporting assets, and people. We do this through the Security Operations Centre (SOC), Cyber Incident & Response Team (CIRT), Detection & Response Engineering Team (D&R Eng), and Cyber Threat Management (CTM) capabilities. This includes security incident and event monitoring, cyber analytics, incident management and forensic analysis, cyber threat intelligence, vulnerability management, penetration testing, brand, and digital footprint monitoring.

The CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties.

CIRT establishes and executes the security incident response framework to ensure a consistent and effective approach to security incident management. Performs in-depth incident reviews, impact assessments, root-cause analysis and manage stakeholder engagement. Executes forensic analysis / investigations and supports Fraud and Personnel related incident investigations.

Role

In your role as CIRT Analyst you support the incident response capabilities and forensic technologies, understand the impact of potential security incidents on complex corporate environments, support and assess incident remediation to a conclusion. You will also assist with reporting and stakeholder management activities.

Your primary duties will be :

• Independently handles investigations within framework of procedures.
• Owns the incident and leads the resolution, even the most complex, critical and sensitive cases.
• Identify any incident / request that requires increased focus and actions necessary to meet committed service levels.
• Collaborate and work with Threat Intelligence and the SOC personnel to develop automated and integrated incident management processes.
• Execute / manage the Cyber Security Incident Management process to ensure timely mitigation and escalate to appropriate incident resolver groups leaders. Execute third-tier incident handling including incident remediation in collaboration with the IT resolver team.
• Execute / assist in the delivery of the organisation’s security incident management including coordination and communication with the wider security organisation, the business, IT and external stakeholders where required.
• Validate and report deviation of incident response playbooks for various scenarios involving SOC and CIRT personnel.
• Lead major cyber security incidentsand provide support to the organization whenever cyber incidents occur. Independently handles investigations within framework of procedures.
• Manage incident response and forensic technologies, understand potential security incident impact on complex corporate environments and the ability to assess and manage incidents to a conclusion.
• Manage reporting and internal / external stakeholder management activities. Requires deep understanding of the business and infrastructure to enable choosing the most efficient and effective proposal to deal with an incident / threat.
• Oversee root cause analysis for major cyber security incidents ensuring that the suitable problem management, issue management or risk management processes are followed as well as tracking issues through to resolution.
• Forensics : technical expertise to gather and preserve digital evidence; investigative skills to think outside the box to build up a picture by combing through various sources of information; integrity to deal with sensitive and confidential matters.
• Execute & Assist in forensic investigations into potential or confirmed incidents in alignment with company guidelines.
• Ensure preservation of digital evidence throughout investigations; escalate exceptions to experienced team members.
• Expert interface for legal cases related to Euroclear - how to build case from cyber perspective.
• Engage in industry wide cyber exercises.
• May provide evidence in court and act as representative in fraud forum.
• Developingand implementing of supporting processes, exercising and acceptance of the framework and processes before it goes live.
• Support engagement with Threat Intelligence and the CDC personnel to develop integrated incident management processes.
• Develop and maintain close working relationships with centrally and locally-based device owners, business stakeholders, business / application / solution architecture, application, IT & operational teams.

Technical skills

Assets

Soft skills

LI-NS1