CSIRT Technical Team Lead

Function

We're looking for an experienced Technical Team Lead to join our client's cyber security division and drive the evolution of a mature Computer Security Incident Response Team (CSIRT). This is an outstanding opportunity for a hands-on security leader with deep technical expertise and a passion for incident response, threat intelligence, and security operations. You will combine leadership responsibilities with technical execution, helping to strengthen the organisation's cyber resilience in a highly secure and mission-critical environment.

The Role

As Technical Team Lead, you will oversee the day-to-day operations of the CSIRT while actively contributing to the design and implementation of advanced security capabilities. Your responsibilities will include:

• Leading and developing a team of security engineers, setting priorities, managing planning, and fostering technical growth.
• Designing, implementing, and maintaining the CSIRT ecosystem, including SIEM, SOAR, Cyber Threat Intelligence (CTI), and related security platforms.
• Coordinating incident response activities, including triage, forensic investigations, root-cause analysis, and malware analysis.
• Developing and enhancing detection capabilities, security monitoring controls, playbooks, and automation through scripting, primarily with Python.
• Analysing vulnerabilities and emerging cyber threats, assessing their impact, and recommending mitigation strategies.
• Producing technical documentation, performance reporting, and meaningful KPIs while collaborating with stakeholders on escalations, operational improvements, and change initiatives.

The Ideal Candidate

Our client is seeking a seasoned cyber security professional with extensive experience in security operations and incident response. You will bring:

• At least seven years of experience in a similar technical leadership or senior security operations role.
• Proven expertise in security operations, encryption, compliance, vulnerability management, incident response, digital forensics, blue team operations, mobile application security, and bug bounty programmes.
• Strong hands-on experience with SIEM and security operations technologies, particularly Splunk Enterprise Security, alongside open-source security tooling.
• Solid knowledge of Enterprise Linux and scripting languages such as Python and PowerShell.
• Experience working in highly regulated or security-sensitive environments, with a strong understanding of information security standards, governance, and industry best practices.
• Familiarity with threat intelligence, vulnerability management, and security frameworks such as MITRE ATT&CK, NIST, or similar methodologies. Experience with ITIL and change management processes is considered an advantage.

Skills & Qualifications

The successful candidate combines technical excellence with strong leadership and communication skills. Preferred qualifications and attributes include:

• Professional certifications such as OSCP, GCIH, GCIA, GNFA, CISSP, CISM, or equivalent.
• Excellent analytical and problem-solving abilities with a practical, hands-on approach to security challenges.
• Strong stakeholder management and communication skills, with the ability to engage effectively across technical and business teams.
• A proactive mindset and genuine passion for continuous learning and staying ahead of emerging cyber threats.
• Fluency in English and either Dutch or French, both written and spoken.
• Willingness to work full-time on-site in the Brussels region.
• Eligibility to work within highly secure environments, including the ability to meet stringent security clearance requirements.

This is an exciting opportunity to lead a skilled security team, shape advanced cyber defence capabilities, and make a tangible impact within a complex and technically challenging environment.