Tools Engineer (NATO – NCIA)

Mons, Belgium, Sapienza Consulting [ASS-C000391]

Field(s) of expertise
Information Technology Cyber Security
Job type

About this job

Sapienza Consulting is recruiting a Tools Engineer to work at NCIA in Mons, Belgium.


  • Coordinate the team effort regarding the management of the tools used for Security Incident Event Management (SIEM), including Log Aggregation (LogA) Microfocus Arcsight Loggers, Microfocus Arcsight Connectors and Splunk Forwarders.
  • Be overall responsible for configuration, deployment, monitoring and troubleshooting activities related to the tools mentioned above.
  • Liaise with service delivery manager and end-users to ensure the tools sufficiently support the respective service.
  • Provide advice and technical assistance to NATO CIS administrators and IT Security officers in the area of SIEM tools.
  • Follow, establish and improve the procedures that support the management of the SIEM tools.
  • Develop and maintain documentation guidelines.
  • Contribute to existing and future projects by providing the SIEM tools’ analysis aspects and impact.
  • Monitor all system components and take appropriate actions for solving detected issues. Provide required support and assistance for integrating the tools with other internal tools.
  • Ensure that all NCSC specialist applications related to SIEM and LogA are installed, configured, and running properly and in line with dependencies with others systems or applications and NCSC needs.
  • Identify upgrade requirements and areas of improvement to ensure an up-to-date and stable environment. Justify business needs, prepare documentation and propose implementation plan for the Change Management Board.
  • Implement the approved changes following co-ordination with other stakeholders
  • Proactively recommend optimizations to capabilities to provide effective and efficient service operations.
  • Review security documentation and provide technical advice, when requested.
  • Create technical reports and/or executive level reports as required.
  • Provide subject matter expertise and input for any future projects and system expansion.
  • Perform other essential duties as assigned.

Candidates must be eligible to work in the EU



For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.


  • Bachelor’s Degree in Computer Science combined with a minimum of 2 years’ experience in as Security Tool Analyst (STA), Tool Manager or similar position involving technical ICT Engineering knowledge, or a Secondary education and completed advanced vocational education (loading to a professional qualification or professional accreditation) with a minimum of 4 years post related experience.
  • Hold a valid NATO Secret Security Clearance
  • Extensive practical experience with SIEM and Log Aggregation products – e.g.MicroFocus ArcSight and Splunk.
  • Expert level and previous experience related to Log Aggregation and SIEM management activities
  • Practical hands-on experience in systems and tools administration.
  • Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
  • Troubleshooting of Linux and/or Windows infrastructures.
  • Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
  • Demonstrable ability to work autonomously and proactively, to understand the NCSC chain of command and to follow internal processes
  • Solid understanding of regular expressions
  • Proficient with SIEM content creation – correlation rules, reports, dashboards


  • Technical experience with endpoint security controls, such as antimalware, DLP and application whitelisting.
  • Professional certifications such as the ones from ISC2, ISACA, GIAC or other recognized certification programmes, ideally with emphasis on IT security.
  • Experience in providing engineering support to a Computer Emergency Response team.
  • Understanding the Indicator of Compromise (IOC) concept and experience in integration of Threat Intel feeds and IOCs with SIEM platform.
  • Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell).
  • A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
  • Prior experience of working in an international environment comprising both military and civilian elements

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.