Security Incident Response Team - Incident Coordinator
As a Security Incident Response Coordinator, you are responsible for managing high priority incidents, minimizing impact and ensuring optimal communication on all levels of the ASML organization.
Introduction to the job
ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers – the world’s leading chipmakers – to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics.
Digitalisation is all about data, and data must be trusted for ASML to be successful and deliver top notch technical solutions in the semiconductor industry. ASML’s Security department is therefore seen as pivotal for the success and sustainable growth of ASML. Not only the number of employees, but also its ever-expanding supplier and customer base are demanding beyond best-in-class security. This dynamic and challenging environment requires beyond best-in-class security professionals.
Role and responsibilities
The Security Incident Response Team, part of the Security Operations Center within ASML, minimizes the damage from Security Incidents through real-time detection & response. By constantly acting on alerts and improving and adapting our monitoring controls, we enable ASML to operate in an increasingly hostile environment. We work closely together with other security functions and other ASML teams, utilizing our shared in-depth knowledge in this effort to secure the business for all our stakeholders. To improve our Incident Response services, we are looking for a skilled professional in this area to complement and support our growing team.
As a Security Incident Response Coordinator, you will continually look for improvements in our ways of working and ensure quality of our incident response activities, working closely with team managers and team members. You ensure a well-coordinated incident response, communication and reporting lines in close collaboration with other stakeholders and teams within ASML. You participate in continuous process improvements across ASML Security, ensuring the Incident Response requirements are met and allow us to keep up with the developing threat landscape.
Your responsibilities
Coordinate high priority incidents by going through the incident lifecycle and ensuring high quality communications.
Run confidential investigations with an insider risk aspect in close collaboration with HR and Legal reporting directly to the Head of Security Incident Response.
Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
Carry out the Duty Officer role periodically as second point of escalation ensuring quick and effective response 24x7 for major incidents.
Create and optimize playbooks and workflows in close alignment with the team managers.
Support in the design and configuration of new incident response and investigative capabilities.
Help in identifying maturity gaps and lack of coverage in current capabilities and work with Security Architecture and Technology Support teams to define plans for remediation.
Coach and provide guidance to more junior analysts in the SIRT.
Education and experience
To be successful in this position, you possess excellent thinking and contextual analysis skills as well as excellent communication skills. You are able to manage critical incidents efficiently, taking decisive action based on available information in a timely manner. You ensure efficient communication and reporting with business on all levels within the organization. You are a team player, possess good teaching and coaching skills, are stress resistant and willing to go above and beyond where required.
Ideally, your key competencies and skills will be:
Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
7-10 years of experience working in an analyst/incident responder role within an enterprise environment and experience in coordinating major incidents leading to business continuity disruption.
Ability to research and characterize security threats to include identification and classification of threat indicators.
Experience / knowledge on host forensics, network forensics, log analysis and malware (static/dynamic analysis) triage.
Experience / knowledge on Security ticketing systems, SOC procedures and Security tools, including automation of incident response workflows.
Experience / knowledge on networking concepts, including TCP/IP protocols and network topology.
Experience / knowledge of the Cyber Kill Chain & MITRE ATT&CK framework.
Experience / knowledge of current vulnerabilities, response, and mitigation strategies used in cyber security.
Other information
This role requires the ability to work in a fast-paced environment, often under pressure.
Willing to work in 24/7 on-call shifts to be available for escalations outside business hours.
The role is primarily office-based, with the possibility of remote work depending on the organization's policies.
This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.
Diversity and inclusion
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.