
Leonardo Belgium is supporting a major European Institution in strengthening its cyber defense, incident response, and crisis management capabilities.
You will join a high-impact cybersecurity environment where resilience, coordination, and rapid response are critical. The role sits at the core of cyber operations, with direct ownership of ensuring incidents are detected, contained, and resolved efficiently across a complex, multi-site and hybrid infrastructure.
This is not a pure SOC role: you will combine technical expertise with leadership and stakeholder interaction in a highly regulated, international environment to drive decisions during critical security events. This role is suited for experienced cybersecurity professionals who have operated in high-stakes environments and are comfortable taking the lead and orchestrating response efforts.
Job Specifications
Location: Luxembourg (3 days on-site, 2 days remote from a nearby location)
Urgent need: Early application heavily encouraged
Start date: End of April / Early May
Type of contract: Freelance / B2B
As Cyber Incident Response Lead, you will own and drive the full lifecycle of cybersecurity incidents, from detection to recovery, ensuring timely and effective resolution. You will coordinate efforts to analyze threats, mitigate damage, provide forensic evidence to prevent future occurrences, and restore processes and functionalities based on the client’s Incident Response Plan.
You will:
Lead the end-to-end incident response lifecycle (detection, analysis, containment, recovery)
Act as SPOC for cyber incidents, coordinating internal teams and external stakeholders
Analyze complex and escalated security alerts from SIEM, EDR, logs and monitoring platforms
Lead and perform deep-dive investigations to determine root cause, scope and impact
Drive containment and remediation actions across systems and environments
Lead interactions with CSIRTs, authorities and external partners for high-impact incidents
Contribute to and continuously improve the Incident Response Plan
Ensure proper incident reporting, documentation and lessons learned
Lead or contribute to cyber crisis exercises and readiness activities
Oversee the collection and handling of digital evidence in line with forensic standards
Experience / Education / Certification Requirements
Proven experience leading or coordinating cybersecurity incident response activities within complex, large-scale environments
Experience handling security incidents in complex environments
Previous exposure to EU institutions or regulated environments is a plus
A degree in Computer Science, Cybersecurity, or a related field is considered an asset
At least one cybersecurity-related certification
Personal Attributes
Ability to lead and coordinate under pressure
Strong communication skills with both technical and non-technical stakeholders
Structured, analytical mindset with strong problem-solving abilities
Comfortable working in a fast-paced, international environment
Strong command of English, French and/or Italian are assets
Technical Skills
Strong knowledge of SIEM, EDR, and monitoring tools
Understanding of attack techniques (MITRE ATT&CK or similar frameworks)
Experience with incident handling, threat analysis, and forensics basics
Ability to work across on-prem and cloud environments
Scripting skills (Python, PowerShell, etc.) are a plus
What’s in it for you?
Work in a high-visibility cybersecurity environment within a major EU institution
Take ownership of critical incident response activities
Operate in a complex, multi-site and hybrid infrastructure
Collaborate with international stakeholders and cyber experts
Long-term assignment supporting critical cyber defense operations
Once we receive your CV, we will evaluate it carefully. Should there be a match for this or any other position at Leonardo Belgium, we will be in touch with you. In case there is no match now, we will make sure to keep your CV in consideration for future vacancies!