Incident response

Stott and May
Brussells, MO Full Time
POSTED ON 1/10/2026
AVAILABLE BEFORE 2/16/2026
Job Description

Cybersecurity Incident Responder / SOAR Automation Specialist

Contract type: Freelance / B2B

Location: Brussels, Belgium

Work mode: Mainly onsite (90–100%)

Duration: Long-term assignment (project of up to 3 years)

Eligibility: EU nationality required

Role Overview

A large, highly regulated international client is seeking a Cybersecurity Incident Responder with SOAR/XSOAR automation expertise to support and enhance its security operations capability.

The role is hands-on and operational, combining end-to-end incident response with the design, development, and optimisation of automated incident handling workflows. The successful consultant will work closely with SOC analysts, cyber defence teams, infrastructure teams, and external stakeholders in a high-maturity security environment.

Key Responsibilities

  • Handle cybersecurity incidents end-to-end, including triage, investigation, escalation, containment, and resolution.
  • Define and maintain incident response procedures, automation requirements, and playbook logic aligned with operational needs.
  • Design, develop, and maintain SOAR / Cortex XSOAR playbooks, integrations, and automated enrichment workflows.
  • Integrate SOAR workflows with security platforms such as SIEM, EDR, and cloud services.
  • Ensure consistent and standardised handling of recurring alert types through automation and documented workflows.
  • Coordinate incident response activities with SOC teams, cyber defence units, infrastructure teams, and relevant stakeholders.
  • Produce high-quality incident reports, technical documentation, and operational procedures for the internal knowledge base.
  • Track and report on operational KPIs (e.g. MTTH, escalation rate, false/true positive ratio, automation coverage).
  • Support training and knowledge transfer for analysts on incident response methodologies and playbook usage.
  • Continuously identify opportunities to improve detection quality, automation efficiency, and response effectiveness.

Required Skills & Experience

  • University degree (Bachelor’s or Master’s) in IT, Cybersecurity, or a related field.
  • Minimum 10 years of experience in IT/cybersecurity, with strong focus on incident response and SOC operations.
  • Proven hands-on experience with SOAR platforms, preferably Palo Alto Cortex XSOAR.
  • Strong experience designing and maintaining automated incident response playbooks and enrichment workflows.
  • Solid programming/scripting experience, particularly Python, for automation and integration purposes.
  • Practical experience with:
      • SIEM platforms (e.g. Splunk, Azure Sentinel)
      • EDR solutions (e.g. Microsoft Defender, Carbon Black Cloud)
      • Cloud environments (AWS and/or Azure)
  • Exposure to container security solutions is a plus
  • Strong understanding of incident response methodologies and best practices.
  • Experience working in large, complex, or multinational environments.
  • Excellent analytical and problem-solving skills, with the ability to identify root causes and propose automation improvements.
  • Ability to communicate clearly with both technical and non-technical stakeholders.
  • High standards for documentation, reporting, and operational consistency.

Certifications (Required / Highly Preferred)

  • Relevant cybersecurity certifications (minimum 2), such as:
      • Palo Alto Cortex XSOAR
      • Splunk
      • Microsoft Security (e.g. SC-200)
      • AWS Security Specialty
      • Azure Security Engineer
      • Other recognised incident response or cloud security certifications

Salary.com Estimation for Incident response in Brussells, MO
$151,877 to $185,001