JOB DESCRIPTION
IT Security Officer – Digital Forensics & Incident Response analyst
Directorate-General for Digital Services, CERT-EU of the European Commission
Selection reference: DIGIT/C0M/2025/1193
Domain: Information and Communication Technologies
Where: DIGIT CERT-EU, Brussels
Staff category and Function Group: Temporary agent 2b/2d – Administrator
Grade range: AD5-7
Publication deadline: 17.10.2025 – 12.00 (Brussels time)
WE ARE
DIGIT is the Directorate-General for Digital Services whose aim is to deliver digital services to enable EU policies and to support the Commission’s internal administration. CERT-EU is the Cybersecurity Service for the European Union institutions, bodies, offices and agencies (Union entities). CERT-EU is administratively attached to DIGIT.
Established in 2011 to shore up the ICT security for the Union entities, we have been steadily expanding our IT security operations over the years and currently serve over 90 such entities spread across the Continent and beyond. From our base in Brussels, we work with a range of peers, partners and researchers from all over the world to ensure we maintain our technological edge and have access to the best-in-class expertise.
WE PROPOSE
CERT-EU is looking to hire a truly motivated IT Security Officer – Digital Forensics & Incident Response analyst. This is a highly challenging and empowering job which provides many opportunities for one’s competencies to shine in a very friendly, supportive, human and professional environment. The selected candidate will serve as a Digital Forensics and Incident Response (DFIR) analyst within CERT-EU, supporting the European Union institutions, bodies, offices and agencies (Union entities).
Your primary responsibility will be to investigate and respond to cybersecurity incidents, uncovering threats through forensic analysis of multiple evidence artifacts at scale, including disk, memory, and network data. The job holder will also lead the threat hunting exercises within the team, designing and refining threat detection logic, use cases, and response workflows to enhance CERT-EU’s ability to uncover and respond to threats effectively.
The position will consist of the following, amongst other tasks:
- Conducting in-depth investigations of cybersecurity incidents affecting Union entities, including forensic analysis of disk, memory, and network data.
- Analysing logs and digital artefacts across diverse platforms (Windows, Linux, macOS) to determine root cause and scope of incidents.
- Using specialised forensic tools (Thor, Dissect, Plaso, Velociraptor) to extract and interpret digital evidence.
- Leveraging log management platforms and SIEM/XDR solutions, such as Microsoft Sentinel and Microsoft XDR, to support detection and investigation workflows.
- Documenting findings in clear, structured incident reports and contributing to post-incident reviews and lessons learned.
- Collaborating with other DFIR team members and stakeholders to ensure a coordinated response to major incidents.
- Leading the implementation of threat hunting strategies by proposing them to the sector (FORCE) management and coordinating their implementation.
- Conducting threat hunting exercises within the customer’s network and working in close collaboration with the customer’s technical teams.
- Designing, implementing, and maintaining threat detection rules to identify malicious behaviours during threat hunting exercises.
- Continuously improving threat detection logic to reduce false positives and enhance findings fidelity.
- Working closely with SOC analysts, the CTI team, and the DFIR team to translate threat insights into actionable hunting campaigns.
- Monitoring threat landscape developments in close collaboration with CTI team and proactively adapting threat hunting capabilities accordingly.
- Developing and maintaining custom scripts and tools to support DFIR investigations and detection workflows.
- Automating repetitive or manual tasks to improve operational efficiency in forensic analysis and detection response.
- Ensuring the reliability and scalability of DFIR tools and platforms used by the team.
- Contributing to the development of internal tooling to facilitate analysis and evidence handling.
- Leveraging and sharing operational insights to help Union entities improve detection and response capabilities.
- Supporting training efforts within the team and actively engaging in knowledge transfer and mentoring.
- Providing feedback on CERT-EU services and capabilities based on operational experience to guide continuous improvement.
WE LOOK FOR
The selected candidate should also possess knowledge and experience in the following domains:
- Knowledge of Windows, Linux, and macOS operating systems.
- Practical experience with log management and analysis tools.
- Knowledge of forensics operations.
- Practical experience with forensics tools: network (e.g., Wireshark, tcpdump), disk (e.g., Plaso, Dissect, SleuthKit, Velociraptor) and memory (e.g., Volatility).
- Knowledge of web security, including an understanding of the underlying protocols.
- Experience in static artefact analysis, including debugging, code de-obfuscation, and reverse engineering basics.
- Scripting/Development experience.
- Experience using SIEM and XDR platforms to support investigations, particularly Microsoft Sentinel and Microsoft XDR.
- Experience in Cyber-threat intelligence sharing, using MISP in particular.
- Experience in incident response, and incident management as well as threat hunting.
The candidate should also demonstrate the following skills:
- A high level of customer orientation.
- Strong analytical and problem-solving skills including the ability to deal with a large amount of information in a limited time.
- Ability to establish and maintain effective working relations with co-workers in an international and multi-disciplinary work environment.
- Excellent communication skills in English, both orally and in writing.
- High degree of commitment and flexibility, enthusiasm and motivation to work, with strong teamwork abilities.
- A focus on constant learning and improving technical and personal skillsets.
- Experience with a vast array of IT technologies and the ability to quickly master new technologies.
To make your application stand out, please consider that the ideal candidate will possess some, or all, of the following:
- A university-issued diploma or equivalent.
- At least 4 years of professional experience in Digital Forensics & Incident Response, including at least 1 year of experience in the threat hunting field.
- Experience with Threat-Detection-as-Code principles, particularly using Sigma, across multiple platforms.
- Work experience in a complex public sector environment.
- Experience in delivering trainings and public presentations.
The candidate must hold a security clearance at EU SECRET level or be in a position to be security cleared.
How to Apply
You should send your documents in a single PDF in the following order:
1. your CV
2. completed application form.
Please send these documents by the publication deadline to [email protected] indicating the selection reference DIGIT/C0M/2025/1193 in the subject.
No applications will be accepted after the publication deadline.