NRB

90% Remote - Incident Response Consultant ~ First week onsite in Luxembourg

On site

Brussels, Belgium

Full Time

21-01-2026


Skills

Communication, Incident Response, Cloud Security, Splunk, Monitoring, Problem-solving, git, Azure, AWS, Analytics, Data Science, Microsoft Azure

Job Specifications

Job Description

Incident Response Consultant at NRB in Trasys International

We are seeking an Incident Response Consultant to join our team at NRB within the Trasys International department. This role offers 90% remote work flexibility, allowing you to collaborate with a global team from the comfort of your own space.

Description of the Tasks:

Development of managed threat-informed detection content, including translating threat intelligence into documented threat vectors and defining detection objectives to cover the threats
Designing, developing and deploying managed detection rules via the in-house detection engineering framework on the detection platforms operated by the CSOC unit (SIEMs & EDR)
Contributing to the threat detection coverage on the Azure IaaS & PaaS tenant protected by Microsoft Sentinel using OpenTIDE, including fine-tuning and exclusion management for all deployed rules (CATCH managed rules and Microsoft Defender Analytics)
Identifying and documenting data sources from client’s networks and systems (activity logs, audit logs, asset or identity reference sets)
Preparing centralized log collections with searching, hunting, monitoring, and detection capabilities
Performing proactive operations to identify potentially malicious activity in support of the other clients' teams, e.g. the CATCH Threat Hunting team or the CSIRC team (Incident Response)
Assisting in reporting on the development of Detection Engineering capabilities
Interacting and coordinating changes with the CSIRC (Incident Response) and CEM (Capability Engineering and Management) sectors

Job requirements

Job Requirements for Incident Response Consultant Role

Specific knowledge, skills, and expertise required for the role:

Very good knowledge and experience in Azure Cloud Security
Expertise in securing cloud environments using Microsoft Azure Sentinel and Microsoft Defender suite, including hands-on experience with development of KQL queries
Good knowledge and experience of Splunk, Splunk Enterprise Security, and Splunk Risk Based Alerting
Advanced experience in Splunk is an asset
Good knowledge and experience of security monitoring and detection on O365
Experience with Splunk as a SIEM and with Microsoft Defender suite is an asset
Certifications in Azure and/or AWS security-related topics are strong assets
Experience and knowledge of Data Science applied to security detection and monitoring is an asset
Experience in a Detection Engineering context
Experience with OpenTIDE or equivalent DetectionOps solution is a strong asset
Experience with DevSecOps principles and Git platforms
Ability to cope with fast-changing technologies used to secure endpoints and cloud workloads
Very good communication skills with technical audiences
Strong analysis and problem-solving skills
Capability to write clear and structured technical documents
Ability to participate in technical meetings and good communication skills

About the Company

In 2023, the NRB Group realised total revenues of €577.5 million, employing over 3,670 collaborators. This positions the Group amongst the top 3 of the ICT sector in Belgium. NRB offers a complete range of ICT services in four areas: consultancy, software, infrastructure & cloud services and managed staffing. NRB has state-of-the-art datacenters at two geo-resilient sites in Belgium. Whereas NRB focuses on specific sectors such as the public and social sector, the sector of energy & utilities, the financial service...