About this job
Sapienza Consulting is recruiting an NCSC Intelligence Analyst to work at NATO NCIA in Mons, Belgium.
As Incident Handling Officer dedicated to interaction with NATO Partners (Industry, non-NATO Nations, NGOs, etc.) embedded within the NCIRC working environment, the successful candidate will be required to use their knowledge and experience to work on Cyber Security Incident Handling and Reporting, with emphasis on post-Incident Analysis. The role will involve fusing Cyber Threat Intelligence & Analysis from all relevant sources currently available to NCIRC for redistribution based on existing MoUs, Technical Agreements and Industry Partnership Agreements. The incumbent will also be in charge of engaging with NATO Cyber Threat Intelligence Stakeholders to improve the quantity/quality of information exchanged. The incumbent will maintain the content of existing information sharing platforms (i.e. MISP) as well as propose improvements, and will also foster and maintain an active information sharing relationship with CSSL partners and contribute to CSSL products.
- Collation/Analysis of Cyber Threat Intelligence
- Dissemination of Cyber Threat Analysis to the appropriate audiences
- Proactive engagement with the Cyber Threat Intelligence Community both internal/external to NATO
- Monthly reporting on approved KPIs for Cyber Threat Intelligence sources
- Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role
- Monthly reporting to both Customer and Business Stakeholders
- Ad-hoc taskings from Incident Management Section (IMS) in support of investigations
- Improvement of NCIRC TC processes for receiving, searching, analysing and storing cyber threat data
- Design/maintain/improve automatic Cyber Threat sharing capability
- Regular, at least monthly, Knowledge Transfer meetings with appropriate Stakeholders, focusing on Key Cyber Security Threats, particularly those that may have impact on NATO
- Significant Cyber Security Incidents, including relevant post-Incident Analysis
- Improvements to Cyber Security processes currently in use within NCIRC TCIMS
- Cyber Security Incident Trends
- Required Security Clearance: NATO Secret
- Significant demonstrable experience in Cyber Security related environment, with emphasis on both event analysis and post-Incident Management
- Experience in liaising at both technical and managerial level in successful resolution of Cyber Security Incidents; incumbent must have excellent written and spoken communication skills
- Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security Incidents
- Experience / Education Equivalence: If the candidate has a RELEVANT degree (e.g. Computer Security), this counts towards equivalence for demonstrable experience; however, irrespective of the candidate’s education, some hands-on experience within an equivalent role is required:
- Essential to have one or more professional SANS (e.g., GSEC, GCIA) and/or CISSP and/or CISM Certifications
- Senior level of management and analysis of Cyber Security Incidents (i.e. Security Event Analyst experience), and/or configuration, operation, troubleshooting and management (i.e. Tools Specialist) in at least one of the following areas, and a high level of experience in several other areas: ArcSight products, Network Based Intrusion Detection Systems (NIDS), Host Based Intrusion Detection Systems (HIDS), Network security appliances and networking devices and associated management software
- Variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances), Computer Incident Response Centre (CIRC), Computer Emergency Response Team (CERT), Computer Forensics Tools (stand alone, online and network)
- Computer Security Tools (Vulnerability Assessment, Anti-Virus, Protocol Analysis, Anti-Spyware, etc.)
- Secure web design and development
- Military communication systems and networks. Network, system and application level troubleshooting techniques.
- Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards
- Ability to effectively communicate technical solutions to various audiences, both technical/non-technical
- Be self-motivated and driven to follow-up Cyber Security Incidents to their logical conclusion.
- Ability to work in an International environment embedded in the Customer’s location in mainland Europe
- Previous experience of working with NATO
Candidates must be eligible to work in the EU
For information on how we process the personal data in your application, please see the Sapienza Privacy Statement.