About the Mission
(An identified breach will result in an immediate removal from the distribution list)
Only applications that meet exactly the BNB’s selection criteria (skills, work experience, language skills and availability) can be proposed.
Make sure that the proposed candidate name is written correctly, and that his/her name is the same as mentioned on its official identification document (ID).
If your candidate is selected for a contract, you will be asked to provide us with an ID picture, the car license plate, the birthdate, the professional email address and the consultant’s mother tongue.
————————————————————————————–
The National Bank of Belgium is an institution that works towards the stability of the financial system and the reliability of the institutions operating within it. The National Bank contributes to creating a climate of confidence conducive to the well-being of all.
Its missions:
Maintain price stability in the Eurosystem
Oversee the Belgian financial system
Ensure the security of banknotes and the efficiency of payment systems
Provide economic and financial data and analyses
ProUnity/Staffing MS is the single point of contact (SPOC) for this mission.
If you have any questions, please contact Douaa Benh ssaine, MSP Consultant, by e-mail at Epco@pro-unity.com.
Company information
The National Bank of Belgium (NBB) is Belgium’s central bank and a full member of the Eurosystem and the European System of Central Banks. Our mission spans monetary policy implementation, the safeguarding of financial stability, the oversight of payment and settlement systems, the prudential supervision of financial institutions, and the issuance of banknotes. Protecting the confidentiality, integrity, and availability of the systems that underpin this mission is a matter of national and European interest.
Position Overview
The L3 SOC Analyst / Detection Engineer is responsible for leading advanced cybersecurity incident investigations, supporting L1 and L2 analysts during escalations, and continuously improving the organization’s detection and response capabilities. The role combines expert-level incident response, proactive threat hunting, and detection engineering to strengthen the maturity and effectiveness of the Security Operations Center (SOC).
Key Responsibilities
Advanced Incident Response
Lead the investigation and resolution of complex and high-severity cybersecurity incidents.
Support L1 and L2 analysts during incident escalations and provide technical guidance.
Conduct advanced forensic investigations and root cause analysis.
Coordinate containment, eradication, and recovery actions with IT and security teams.
Threat Hunting and Advanced Analysis
Perform proactive threat hunting activities using threat intelligence and behavioral analysis.
Identify attacker tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK.
Analyze malware, phishing campaigns , suspicious behaviors, and advanced attack patterns.
Detection Engineering
Design, develop, test, and maintain SIEM/EDR/XDR detection use cases and correlation rules.
Improve existing detections to reduce false positives and increase detection fidelity.
Translate threat intelligence into actionable detection content.
Validate detection effectiveness through simulations, purple team exercises, and adversary emulation.
SOC Continuous Improvement
Identify gaps in monitoring, detection, and incident response processes.
Develop and improve SOC playbooks, procedures, and automation capabilities.
Contribute to SOC reporting, metrics, and operational maturity initiatives.
Mentor junior analysts and support knowledge sharing across the SOC team.
————————————————————————————–
Given that this role is linked to the financial sector, all candidates selected for this role will be subject to a security check.
When submitting the offer, t he Supplier must agree to propose only Consultants who agree to undergo this security check. The process of security check might take up to 30 days to complete: the Supplier accepts this delay and ensures the candidate remains available during screening process.
Only the Supplier Consultant(s) selected by the Customer for this contract will be subject to the security check. Staffing MS will contact the Supplier to request to provide the contact details of the accepted Consultant(s). Upon receipt of this information, the Customer Security Officer (as a critical infrastructure) will contact the accepted Consultant(s) and ask them to provide the forms in which they will give their explicit consent to the execution of the security check, in accordance with Article 22quinquies/1 LHS. The Customer security officer (as administrative authority) forwards the individual request for a security check to the competent Federal Police in accordance with Articles 22bis/1 and 22bis/2 LCH. The Federal Police will draw up a security opinion issued on the basis of the security check. A negative security opinion is notified to the designated Consultant via the Customer security officer (as administrative authority). This notification states the reasons justifying this decision, apart from any information the communication of which could harm the fundamental interests of Belgium or the State. The notification also contains information allowing the decision to be appealed.
If there is no positive security result (for example if no opinion can be given) from the Federal police, the job post will be terminated without contracting.
If the positive security opinion is lost during the contract, the contract will be terminated without any indemnity.
Required Skills
Autonomous, Collaborative, Conscientious, Detection Use case development/improvement, Good communication, iOS, L3 Incident Responder, Linux Red Hat, Malware Analysis, Microsoft Azure, Microsoft Defender XDR, Microsoft Sentinel, Pro-active Mindset, Purple teaming, Responsible, Scripting KQL, Service Now, Splunk, Stamus, Vulnerability Management, Windows Server 2016 to now
Practical Information
- Company: Confidential
- Location: Boulevard de Berlaimont – Hybrid
- Start Date: 1 June 2026
- End Date: 31 May 2027
- Duration: 12 months
- Contract Type: Freelance / Mission
- Application Deadline: 18 May 2026