FPC/NIPS Tool Manager 2 (NATO NCIA)

Mons, Belgium, Sapienza Consulting [AAS4925]

Field(s) of expertise
Cyber Security

About this job

Sapienza Consulting is recruiting a FPC/NIPS Tool Manager 2 to work at NATO NCIA in Mons, Belgium.


As Full Packet Capture (FPC) / Network Intrusion Prevention System (NIPS) Tool Manager, the incumbent will be responsible for supporting Cyber Defence operations and for maintaining and updating tool configurations to match the threat environment, specifically for Full Packet Capture and Network Intrusion Prevention System activities. Under the Head, Gateway Security Services Section, the FPC / NIPS Tool Manager will work with Security Event Analysts (SEAs) and Engineers of the CS Operations Branch to help tune security tools for optimum CS incident detection while keeping to the required performance target. The incumbent will also work with staff of the Platform and Infrastructure Management Section to support the underlying platforms. The main aim is to ensure that NCIRC Full Packet Capture (the capability to store a local record of network traffic at various critical points) and NIPS (the capacity to identify potential cyber-attacks and intrusions on NATO networks) are installed, configured and fully available. The main responsibilities include, but are not limited to, the following:

  • Install, configure, administer and provide ongoing support for Cyber Defence specialist tools (see below)
  • Full Packet Capture (to include RSA Netwitness platform)
  • Network Intrusion Prevention System (to include Cisco Sourcefire and potentially Palo Alto Network Threat Prevention)
  • Support the investigation of Security Events to establish whether these are expected tool behaviours, events or security threats.
  • Provide technical support for performance testing of content and rules.
  • Ensure that all other NCIRC specialist applications related to FPC and NIPS are installed, configured, and running properly and in line with dependencies with other systems or applications and NCSC needs. This includes, but is not limited to ensuring proper setup and functioning of NIPS/FPC appliances or integration into monitoring systems.
  • Support the initiation, preparation, follow-up and defence of specialist application upgrades before the Change Management Board
  • Support development of implementation plans for new capabilities in NIPS/FPC areas and take ownership to ensure rapid implementation of those new tools and optimizations.
  • Implement approved changes. Proactively recommend optimizations to capabilities to provide effective and efficient service operations
  • Review security documentation and provide technical advice, when requested
  • Maintain awareness of new technologies and developments, industry standards and best practices within the NCSC community for FPC / NIPS tools, participate in knowledge sharing with other analysts and develop solutions efficiently
  • Perform other essential duties as assigned, such as the preparation of technical and/or executive level reports


  • Required Security Clearance: NATO Secret
  • Essential to have a Bachelor’s Degree in Computer Science combined with a minimum of 2 years’ experience as a Security Tool Analyst (STA), Security Tool Manager or similar position involving Technical ICT Engineering knowledge, or Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years’ post-related experience.
  • Experience with enterprise Full Packet Capture solutions (e.g. Niksun, RSA / NetWitness)
  • Previous experience in NIPS, including Detection and Prevention (signature-based detection and statistical anomaly-based detection) systems (preferably Cisco Sourcefire/NGIPS or Palo Alto Network Threat Prevention), preferably on enterprise level
  • Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
  • Deep knowledge of Sourcefire / Snort
  • Practical hands-on experience in systems and tools administration.
  • Comprehensive knowledge of principles of computer and communication security, LAN/WAN networking including protocol network architecture, and the vulnerabilities of modern operating systems and applications.
  • Troubleshooting of Linux and/or Windows infrastructures
  • Excellent communication abilities, both written and verbal, with ability to clearly and successfully articulate complex issues to a variety of audiences and teams



  • Knowledge of deploying Palo Alto Networks Threat Prevention
  • Software engineering including programming and/or scripting knowledge (Python, shell scripting, PowerShell).
  • Industry leading certification in the area of Cybersecurity such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC
  • Solid understanding of Information Security Practices relating to Confidentiality, Integrity and Availability of information (CIA triad)
  • Prior experience of working in an international environment comprising both military and civilian elements


Candidates must be eligible to work in the EU

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.
