Steven Goossens, Developer in Lokeren, Belgium
Steven is available for hire
Hire Steven

Steven Goossens

Verified Expert  in Engineering

Cybersecurity Specialist and Developer

Lokeren, Belgium
Toptal Member Since
October 20, 2020

Steven is a seasoned consulting professional and cybersecurity specialist with a demonstrated history of working in telecommunications. His expertise includes threat intelligence, computer forensics, incident monitoring, and response and security architecture. Steven holds multiple certifications in his field including GIAC Certified Intrusion Analyst (GCIA) from the SANS Institute and Certified Information Systems Security Professional (CISSP) from (ISC)².


Python, Splunk, XSOAR, Security Orchestration, Automation, and Response (SOAR)...
Contract at SIX Payments
ELK (Elastic Stack), Incident Response, Security, Elasticsearch, Kibana...




Preferred Environment


The most amazing...

...thing I've done is to discover and analyze an APT attack and then rebuild the core infrastructure and start a security program for a large company.

Work Experience

Cyber Defense Security Architect

2021 - PRESENT
  • Introduced the SOAR platform with associated playbooks that map to the company's incident response processes.
  • Migrated the SIEM platform, including all log sources, use cases, and more.
  • Provided assistance in various security incident and threat intelligence topics.
Technologies: Python, Splunk, XSOAR, Security Orchestration, Automation, and Response (SOAR), Cyber Defense

SIRT Team Member (Security Incident Response)

2019 - 2021
Contract at SIX Payments
  • Assisted the SIRT team in refining and maturing their incident monitoring and response processes.
  • Helped the QRadar project team determine which logs to collect, how to interpret them, and what use cases to build.
  • Performed security big data analyses using the ELK stack.
  • Handled incidents, which included prioritizing incidents, performing complex incident analysis, documenting findings, research, and so on.
Technologies: ELK (Elastic Stack), Incident Response, Security, Elasticsearch, Kibana, Logstash

Cybersecurity Technical Program Lead

2018 - 2018
  • Led and was responsible for IT security which included establishing various incident responses and processes.
  • Served as the team lead on project teams handling various security projects.
  • Advised on a range of cybersecurity issues and topics.
Technologies: Cybersecurity

Security Architect

2017 - 2018
  • Managed and was responsible for the overall IT security plan.
  • Defined the IT security roadmap as well as other accompanying tasks.
  • Advised on the implementation of security in various IT projects.
Technologies: IT Security

CSIRT Specialist

2014 - 2017
  • Built out the security incident response team in terms of processes and technology.
  • Managed different security incidents, from PR incidents to compromised devices that required forensic analysis.
  • Implemented a SIEM solution for security monitoring.
  • Performed threat analyses for new and emerging cases to evaluate how they could affect Proximus. This included forensic investigations where applicable, documentation of analysis findings, researching threat actors, and so on.
  • Performed a technical analysis of new vulnerabilities.
  • Liaised with third parties (other telecom operators, security actors, equipment vendors) to gather intelligence about emerging threats and vulnerabilities. Took appropriate actions with relevant teams to limit risk and exposure.
  • Collected and generated statistical incident information and build reporting and regularly presented the reporting information to higher management.
  • Initiated and participated in expert reviews with engineering and monitoring teams to improve the security architecture for critical environments, monitoring tools, security processes, cyber defense strategies, and so on.
Technologies: Elastic, Incident Response, SIEM, Network Security, Networks, Cybersecurity, Python, Cyber Defense

Solution Engineer, Security

2012 - 2014
Belgacom (now Proximus)
  • Consulted on infrastructure engineering for ArcSight SIEM infrastructure (logger, connectors, connector appliance, ESM Express 4.0).
  • Provided content engineering for ArcSight SIEM and support in the monitoring and analysis of security incidents.
  • Investigated, contained, and remediated major and minor security incidents.
  • Created secure network designs and engineered the security infrastructure (Check Point, Juniper, Blue Coat) as well as advising about IT security on projects.
Technologies: Networks, Incident Response, Elastic, Network Security, SIEM, Python, Cybersecurity, IT Security

ICT Security Consultant

2010 - 2012
Ernst & Young (EY)
  • Managed different short-term audit engagements to determine the general state of IT security.
  • Ran an engagement to create a network segmentation strategy for a large Telco in Belgium.
  • Performed an audit for the ISO27001 certification of a public organization based in Belgium.
  • Developed security roadmaps to improve technical security within large organizations.
  • Performed network security reviews for various smaller organizations in Belgium.
Technologies: IT Security

SIEM Implementation

I implemented the SIEM (security information and event management) solution at Proximus, which required log source onboarding, platform scaling & engineering, development of security use cases, and integrations with different products to enable a full IR workflow.
2008 - 2010

Master's Degree in Computer Science

University of Ghent - Ghent, Belgium

2005 - 2009

Bachelor's Degree in Informatics

University of Ghent - Ghent, Belgium


Certified Information Systems Security Professional (CISSP)

The International Information System Security Certification Consortium | (ISC)²


GIAC Certified Intrusion Analyst (GCIA)

SANS Institute


Elastic, ELK (Elastic Stack), Kibana, Logstash, Splunk


DDoS, Security Orchestration, Automation, and Response (SOAR)


Malware Information Sharing Platform (MISP), Windows

Industry Expertise

Telecommunications, Cybersecurity, Network Security


Elasticsearch, Azure Active Directory


Python, Java, Bash


Networks, SIEM, Incident Response, Security, Security Monitoring, Digital Forensics, IT Security, Event Management, Information Security, Security Architecture, Firewalls, IDS/IPS, Threat Intelligence, Cyber Threat Hunting, SecOps, IT Infrastructure, Malware Analysis, Cloud Security, Data Analytics, XSOAR, Cyber Defense

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.


Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring