A major Belgian financial institution maintains critical national financial infrastructure and needs to strengthen its detection and response capability in the Security Operations Center. This senior role combines detection engineering, threat hunting and L3 incident response work using Microsoft Defender XDR, Microsoft Sentinel and KQL to reduce time to detection and contain advanced threats.
The mission
The SOC is responsible for monitoring and protecting systems that support monetary policy, payment systems and financial supervision. The environment includes Microsoft Azure-hosted services, Microsoft Defender XDR and Sentinel for telemetry, Splunk for historical logs, Stamus for network detection, and a mix of Windows Server and Red Hat Linux hosts. The team runs purple team exercises and local adversary emulation to validate detection coverage across thousands of monitored endpoints.
Day to day, you will lead advanced incident investigations, develop and tune detection use cases, and run proactive hunts informed by threat intelligence. You will handle escalations from and mentor L1/L2 analysts, author playbooks and detection rules in KQL, and work with IT teams on containment and recovery for Windows Server 2016+ and Red Hat Linux systems. Regular activities include malware analysis, input into vulnerability management, and coordinating purple team tests with blue and red teams.
Your responsibilities
- Lead advanced incident response, drive containment and eradication, and deliver clear technical root cause analysis to IT stakeholders
- Design, implement and tune detection use cases in Microsoft Sentinel and Defender XDR to reduce false positives and improve detection fidelity
- Conduct proactive threat hunting and malware analysis to identify attacker TTPs and translate findings into detection content
- Mentor and support L1 and L2 analysts during escalations and improve SOC operational playbooks and runbooks
- Coordinate purple team exercises and adversary emulation to validate detection effectiveness and measure SOC maturity
- Automate repeatable tasks and triage steps using KQL and ServiceNow integrations to improve mean time to response
Your profile
Essential skills
- Proven capability as an L3 incident responder, leading investigations and coordinating cross-team remediation
- Strong detection engineering skills, able to author and validate detection rules in Microsoft Sentinel and Microsoft Defender XDR
- Practical experience with KQL scripting for hunting, alert tuning and automation
- Malware analysis and forensic capability on Windows Server 2016+ and Red Hat Linux systems
- Familiarity with Microsoft Azure telemetry, Splunk, Stamus network detection, and ServiceNow for incident workflows
- Proactive, autonomous and collaborative working style with clear written and verbal communication
- Experience contributing to vulnerability management processes and purple teaming validation
A security clearance will be required for this position and the screening process can take several weeks. Candidates must agree to undergo the required security checks.