Threat Detection & Incident Response Specialist – Security Operations & AI

Our client, a leading organization in the pharmaceutical sector, is looking for a specialist to strengthen their security operations. This role focuses on operationalizing cyber defense, coordinating major security incidents, and integrating AI capabilities within the security operations center.

• Oversee the quality of alert triaging and incident handling performed by internal and external partners.
• Coordinate the response to major security incidents, managing stakeholders and containment strategies through to resolution.
• Perform advanced Level 3 SOC analysis and complex investigations across endpoint, cloud, and network environments.
• Execute proactive threat hunting activities and operationalize threat intelligence to identify emerging risks.
• Automate SOC activities by implementing AI capabilities and developing detection controls for internal AI systems.
• Design and maintain incident response playbooks and security hardening guides to improve defensive resilience.

• You have 5+ years of experience in security operations, incident response, or threat hunting within enterprise or MSSP environments.
• You bring knowledge of SIEM and EDR/XDR tools, specifically the Microsoft stack including Sentinel and Defender.
• You have experience with cloud platforms such as Azure and AWS.
• You possess proficiency in adversarial frameworks like MITRE ATT&CK and MITRE ATLAS.
• You bring hands-on experience with AI and automation in a cybersecurity context.
• You have an understanding of Email and DNS security using tools such as Mimecast.
• You're familiar with Darktrace and dark web monitoring practices.
• You bring strong incident response coordination skills and the ability to manage stakeholders under pressure.
• You possess an analytical mindset with the ability to translate threat intelligence into operational actions.
• You are fluent in English.

Nice to Haves

• Experience communicating with regulatory bodies.
• Familiarity with forensic frameworks and tools.
• Knowledge of Red Teaming and penetration testing methodologies.
• Possession of relevant cybersecurity certifications.

• Start date: ASAP
• Duration: 1 year
• Work regime: Full-time
• Location: Ghent
• Working model: Hybrid (mostly remote with 1 day per month onsite)
• Contract: open to both permanent employees and freelancers