Security Operations & Testing Consultant (Ref: 334)

For one of our clients, a bank located in Luxembourg City, we are looking for a Security Operations & Testing Consultant.

Mission:

Enhance security monitoring, SIEM coverage, and operational resilience through advanced monitoring, logging, incident response, and security testing in alignment with regulatory and business requirements.

Key Responsibilities:

• Review and improve the Bank’s security monitoring framework, ensuring coverage of all relevant assets and technologies.

• Define and manage logging requirements, SIEM coverage, and use case development/maintenance (including insider threat detection).

• Implement processes for use case lifecycle: approval, testing, documentation, and periodic review.

• Strengthen SIEM resilience, including RPO/RTO documentation and coverage reconciliation.

• Oversee and execute vulnerability assessments, penetration testing, and Digital Operational Resilience (DORA) testing.

• Define and implement risk-based testing calendars, test scripts, and playbooks.

• Ensure proper classification, follow-up, and remediation of security incidents and test findings.

• Develop and report security metrics, KPIs, and dashboards for management.

• Collaborate with IT, business, and third-party providers to enhance monitoring and testing capabilities.

Required Skills & Experience:

• 5+ years in security operations (SOC), SIEM management, and security testing (pen-testing, DORA).

• Hands-on experience with SIEM platforms, log management, and use case development (Splunk, QRadar, etc.).

• Strong background in security incident response and playbook development.

• Experience with automated security controls, network detection and response (NDR), behavioral analytics, and test execution.

• Excellent analytical, problem-solving, and reporting skills.

• Fluent in French and English.

• University degree in Computer Science, Information Security, or related field.

• Relevant certifications are a plus (CISSP, CISM, CISA, GIAC, ISO 27001 Lead Implementer/Auditor, etc.).

• Capable of working autonomously, proactive, and results-oriented.

• Strong documentation, communication, and stakeholder engagement skills.

• Proven experience working in regulated (preferably financial) environments and with third-party providers.

• Able to prioritize, manage multiple projects, and deliver results under pressure.