CSIRT - Security Incident Responder

  • Vakgebied IT
  • Dienstverband Fulltime
  • Vacaturenummer VAC-10006078
  • Locatie Veldhoven
  • Type overeenkomst Secondment via YER
  • Branche IT & Telecom

Over deze vacature

ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers – to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics.

The Cyber Defence Center (CDC) within ASML (Veldhoven office) through real time detection & response minimises the damage caused by threat actors bypassing ASML preventative security controls and protecting ASML information. By constantly acting on alerts, improving and adapting our monitoring controls we enable ASML to operate in an increasingly hostile environment. We work closely together with other security functions and other ASML teams utilising our shared in depth knowledge in this effort to secure the business for all our stakeholders. To improve our Incident response services we are looking for a skilled professional in this area to complement and support our growing team.


Job Mission

You continually watch and respond to security alerts (triage) and work with the Security Operations Center in escalations of notable incidents. You participate in continuous process improvements in order to keep up with the developing threat landscape.

Job Description

Your responsibilities

  • Carry out the Duty Officer role & CSIRT second line standby role on a periodic basis
  • Support in the design and configuration of new incident response and investigative capabilities
  • Help in identifying maturity gaps and lack of coverage in current capabilities and define plan to remediate.
  • Coach and provide guidance to L2, L1 analysts
  • Support in the development of threat management capability road maps
  • Recognise and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Create and optimise playbooks and workflows both for the SOC and for the CSIRT


ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.


You will be employed by YER and seconded to ASMLs. We offer:

  • Good employee benefits (e.g. work-life balance, pension, lease car, bonus model)
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
  • Cooperative and results and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies



Bachelor or Master’s degree in cyber security, Computer science or equivalent combination of education and work experience


3-5 years of experience working in an analyst/incident responder role within an enterprise environment

Other information

Certifications CISSP, GCIH, GCFA etc.

Personal skills

  • Ability to take decisive action based on available information in a timely manner;
  • Ability to research and characterise security threats to include identification and classification of threat indicators;
  • Critical thinking and contextual analysis abilities;
  • Investigative and analytical problem solving skills;
  • Teamwork, can-do mentality;
  • Stress resistant and natural multitask-er
  • Strong time management skills and willing to go above and beyond where required
  • Teaching and coaching ambition for junior team members

Knowledge of

  • Host forensics, network forensics, log analysis and malware (static/dynamic analysis) triage
  • Security ticketing systems and basic SOC procedures
  • Security tools e.g. log management tools, endpoint and network security controls
  • Networking concepts, including TCP/IP protocols and network topology
  • Proficient with scripting programming e.g. Bash, PowerShell, Python
  • Automation incident response workflow -the Cyber Kill Chain & MITRE ATT&CK framework
  • Vulnerabilities, research & testing, tinkering and pulling things apart
  • The current vulnerabilities, response, and mitigation strategies used in cyber security;
  • Proficient in English (business language)
  • Willing to work in 24/7 shifts/outside office hours