At a glance

ABN-AMRO Clearing Bank (AACB) CISO Office is looking for a Lead Computer Incident Response Team (CSIRT) with Incident Response (IR) or Security Operations Center (SOC) experience in the Operations and Intelligence (O&I) department.

Working environment

The AACB CISO O&I department is responsible for the daily security operations of ABN-AMRO Clearing Bank. Their responsibilities include threat intelligence, vulnerability management, security monitoring, and incident response. These responsibilities are divided in sub streams within O&I. 

The IT landscape which needs to be protected is global and contains a diverse combination of networking solutions, operating systems and security controls.

The O&I department consists of a team of security professionals located in Sydney, Amsterdam, and Chicago. Where this role is Amsterdam based. In order to perform their daily operations, the team can rely on market leading security tools and technologies, like EDR, SIEM, Vulnerability Scanners, etc. 

Your job

The vacant role focusses on resolving small and larger security events and incidents and leading team members within O&I towards a more mature CSIRT stream which is well integrated with the SOC. The incidents often come your way via email, walk-ins or escalated from the SOC. You will be responsible that these incidents get resolved in a timely mater. The rest of the team within O&I is there to support. With larger incidents you are expected to lead the resolution on a technical level or support other analysts who are leading security incidents. If the incidents are smaller it’s expected you can resolve them by yourself. When specifics tasks are required such as Digital Forensics we have an out sourcing partner who can perform that.

For resolving of security incidents you will have access to several sources, including a EDR solution and a SIEM with multiple log sources. If an alert escalates to a security incident you are one of the leads within the team to set out actions and guide the team to a successful closure of the incident and inform stakeholders along the way. The CSIRT stream plays a key role in keeping the company safe by resolving security events and incidents in a highly regulated environment. 

When time permits, there are no incidents that require follow up at that time, you can work on maturing the CSIRT and Incident Response capabilities. This can be identifying and resolving gaps in tooling, process or technologies. It will also be expected from you to support the more junior team members in investigations and helping them interact with senior stakeholders. 
 

Responsibilities and duties

•    Investigate security incidents and work with other teams to contain and remediate cyber security incidents.
•    Lead large security investigations on a technical level. 
•    Improve the CSIRT and Incident Response processes and capabilities. 
•    Proactive connect with various stakeholders within the organization. 
•    When required help out other streams within the O&I department such as Threat Intelligence, Vulnerability Management, and Security Monitoring.
•    Research security solutions and develop new and existing CSIRT processes for this rapidly changing landscape.
•    Provide technical leadership for security systems and tools to improve incident.
•    Support and mentor junior team members with their work and growth path. 

Your profile

•    Demonstrable experience in security operations work. 
•    Demonstrable experience in cyber security incident response
•    You have experience with the incident response life cycle.
•    You have experience in leading both small and large size security incidents from a technical point of view.
•    Ensuring timely follow up on critical security incidents.
•    Take ownership, investigate and resolve escalated tickets.
•    You have worked before with enterprise grade security tooling such as SIEM, EDR and XDR. 
•    Strong communication skills with stakeholders who are technical and non-technical.

Knowledge and Experience

•    5+ years’ experience in Security monitoring and Incident Response.
•    Understanding frameworks such as Cyber Kill Chain, MITRE ATT&CK.
•    Understanding of enterprise grade technical security controls and Zero Trust concepts.
•    Are familiar with SIEM, XDR and EDR products. 
•    Certifications such as the following would be desirable but not mandatory: GCIH, GDAT, GCDA, GISP, OSDA, CCFR, SC-900, SC-200

We are offering

A role in an international environment with many challenges 
A supplementary benefit budget of 11%, which you can spend on additional fringe benefit 
The opportunity to be the best you can be, work flexible hours and lots of room to grow both personally and professionally 
A personal development budget of EUR 1.000 per year 
An annual public transportation pass 
A solid pension plan

Interested?

If you’re interested in applying or would like more information about this position, please contact Peter-Bob Smits, stream lead Operations & Intelligence, by e-mail: Peter-Bob.Smits@abnamroclearing.com.

Equal opportunities for all

The success of our organisation depends on the quality of our people and the ideas that they have. Truly surprising insights and innovative solutions for our clients result from an interplay of cultures, knowledge and experience. Diversity is therefore extremely important to our organisation. To ensure that everyone at ABN AMRO can develop their talents, we encourage an inclusive culture in which all colleagues feel engaged and appreciated.

Disclaimer external recruitment agencies

External recruitment agencies need to have a signed agreement with ABN AMRO BANK N.V., executed by a Talent Acquisition Specialist, when submitting a resume to a vacancy. In addition, a recruitment agency can only submit a resume when invited by a Talent Acquisition Specialist to join the search for a right candidate. All unsolicited resumes sent to us will be considered property of ABN AMRO BANK N.V. In this case, ABN AMRO will not be held liable to pay a placement fee.