27 days ago - req31918

CSIRT - Security Incident Responder

Other corporate functions

Computer science & software engineering

In a nutshell


Veldhoven, Netherlands


Other corporate functions


3-7 years



Job Category

Computer science & software engineering



Introduction to the job

Are you an experienced Cyber Analyst with a passion for IT Security and a curiosity how things work, we are looking for you to join our growing Cyber Defense Incident Response team.

ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers – to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics.

The Cyber Defense Center (CDC) within ASML (Veldhoven office) minimizes the damage caused by threat actors bypassing ASML preventative security controls through real time detection & response and therefore protecting ASML assets. By constantly acting on alerts, improving and adapting our monitoring controls we enable ASML to operate in an increasingly hostile environment. We work closely together with other security functions and other ASML teams utilizing our shared in depth knowledge in this effort to secure the business for all our stakeholders. To improve our Incident Response services we are looking for a skilled professional in this area to complement and support our growing team.

Role and responsibilities

You will continually watch and respond to security alerts (triage) and work with the Security Operations Center in escalations of notable incidents. You participate in continuous process improvements in order to keep up with the developing threat landscape.

Your responsibilities
- Respond to medium and high priority incidents by going through the incident lifecycle
- Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
- Carry out the Duty Officer role & CSIRT second line standby role on a periodic basis
- Create and optimize playbooks and workflows both for the SOC and for the CSIRT
- Support in the design and configuration of new incident response and investigative capabilities
- Help in identifying maturity gaps and lack of coverage in current capabilities and define plans for remediation
- Coach and provide guidance to L1 analysts
- Support in the development of threat management capability roadmaps

Education and experience

- Bachelor or Master’s degree in cyber security, Computer science or equivalent combination of education and work experience

- 3-4 years of experience working in an analyst/incident responder role within an enterprise environment

- Certifications: CISSP, GCIH, GCFA or similar

Knowledge on
- Host forensics, network forensics, log analysis and malware (static/dynamic analysis) triage
- Security ticketing systems and basic SOC procedures
- Security tools e.g. log management tools, endpoint and network security controls
- Networking concepts, including TCP/IP protocols and network topology
- Proficient with scripting programming e.g. Bash, PowerShell, Python
- Automation incident response workflow
- the Cyber Kill Chain & MITRE ATT&CK framework
- vulnerabilities, research & testing, tinkering and pulling things apart
- the current vulnerabilities, response, and mitigation strategies used in cyber security;
- Proficient in English (business language)


Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
To thrive in this job, you’ll need the following skills:

- Ability to take decisive action based on available information in a timely manner;
- Ability to research and characterize security threats to include identification and classification of threat indicators;
- Critical thinking and contextual analysis abilities;
- Investigative and analytical problem solving skills;
- Teamwork, can-do mentality;
- Stress resistant and natural multi-tasker
- Strong time management skills and willing to go above and beyond where required
- Teaching and coaching ambition for junior team members

Diversity & Inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Other information

- Willing to work in 24/7 shifts / outside office hours a couple of weeks in the year

Role name: CSIRT - Security Incident Responder
Maturity level: Medior
CDC Value stream: Incident response & Investigation

Need to know more about applying for a job at ASML? Read our frequently asked questions.