Digisourced.

Penetration Tester

Hybrid

Brussels, Belgium

Junior

Freelance

03-11-2025


Skills

Communication, Adaptability, Python, Bash, PowerShell, Penetration Testing, Incident Response, Risk Management, Wireshark, Burp Suite, Test Prioritization, Problem-solving, Linux, Operating Systems, Windows, Organization, Azure, AWS, Software Development, SDLC, Analytical Thinking, GCP

Job Specifications

Description

As a CSIRT Officer you will join the CISO Cybersecurity Center of Excellence team within the NMBS CISO organization. You will be responsible for simulating cyberattacks to identify vulnerabilities in systems, networks, and applications, helping to strengthen our security posture. You will work closely with incident response, threat intelligence, and security operations teams to proactively assess and improve our defenses, propose and execute improvement actions, and interact with the staff of NMBS (including its affiliates) and the security services providers.

Responsibilities

Conduct Penetration Tests: Execute controlled penetration tests on internal and external critical systems, applications, networks, and cloud environments to identify exploitable vulnerabilities and assess the effectiveness of existing security controls in IT, IoT and OT environments.
Perform Vulnerability Assessments: Use automated and manual techniques to discover vulnerabilities and assess the potential impact on business operations and data confidentiality, integrity, and availability.
Risk-Based Prioritization: Align findings with enterprise risk management frameworks to prioritize remediation based on business impact, likelihood of exploitation, and regulatory requirements.
Responsible Disclosure & Ethical Engagement: Follow responsible disclosure protocols when identifying vulnerabilities in third-party systems or applications. Collaborate with vendors and external stakeholders to ensure ethical handling and resolution of discovered issues.
Reporting & Remediation Guidance: Document technical findings in clear, actionable reports tailored to both technical and non-technical audiences. Provide remediation strategies and support teams in implementing fixes.
Collaboration with Cross-Functional Teams: Work closely with development, infrastructure, and risk teams to validate fixes, improve secure coding practices, and integrate security into the software development lifecycle (SDLC).
Threat Simulation & Adversary Emulation: Drive and participate in red team/blue team exercises, purple teaming, and threat simulations to test detection and response capabilities and improve overall cyber resilience.
Tooling & Automation: Develop and maintain custom scripts, tools, and automation frameworks to streamline testing processes and improve repeatability and coverage.
Security Audits & Compliance Support: Assist in internal and external audits, compliance assessments (e.g., NIS2, GDPR), and provide evidence of testing activities and remediation efforts.
Continuous Learning & Threat Intelligence Integration: Stay current with emerging threats, attack vectors, and security technologies. Integrate threat intelligence into testing methodologies to simulate realistic attack scenarios.

Evaluation criteria

Proficiency in penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus).
Strong understanding of network protocols, operating systems (Windows/Linux), and web technologies.
Experience with scripting languages (Python, Bash, PowerShell).
Knowledge of OWASP Top 10 and MITRE ATT&CK framework.
Familiarity with cloud environments (AWS, Azure, GCP) and container security.
Ability to perform manual and automated exploitation.
Understanding of secure coding practices and application security.
Analytical Thinking: Ability to assess complex systems and identify weaknesses.
Communication: Clear reporting of findings to technical and non-technical stakeholders.
Problem-Solving: Creative approach to bypassing security controls and finding vulnerabilities.
Team Collaboration: Work effectively with cross-functional teams.
Adaptability: Stay updated with evolving threats and technologies.
Ethical Judgment: Strong sense of integrity and responsibility in handling sensitive data.
Customer focus and the ability to act in an organization-sensitive way.

Conformity criteria:

Languages: Spoken and written fluency in Dutch or French
Languages: Spoken and written fluency in English
Minimum 2 relevant certifications, such as the GPEN, GXPN, GCPN, GWAPT, OSCP, OSEP or similar
At least 3-5 years of experience in a security-related role, with a focus on analysis, risk & reporting
Bachelor's degree in Computer Science, Information Security, related field or equivalent experience
Onsite presence 2 days per week, one of which is always Thursday

About the Company

Digisourced is a premier global recruitment firm specialising in connecting top talent with industry-leading organizations across a wide range of sectors. With a team of experienced consultants, we leverage our extensive network and in-depth market knowledge to deliver tailored recruitment solutions that drive success for our clients. Our personalised approach focuses on understanding each client's unique needs and corporate culture, allowing us to identify and attract the most suitable candidates. We take pride in our con...