About this job

We are recruiting an Engineer (Cyber Security) for Sapienza to work on our Customers Site (NATO NCIA) in Portugal.

Responsibilities

• Lead in development/adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required NATO regulations and reports.
• Maintain NATO Security Policies. These are formal policies that detail and document actual mechanisms and controls and include at least following in AoR:
• Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
• Personnel Security: Monitor personnel access to sensitive information for which they have appropriate authority and clearance.
• Physical Safeguards: Assign security responsibilities, control access to media and controls in place against unauthorized access to workstations and related equipment.
• Technical Security: Set access and authorization controls for everyday operations as well as emergency procedures for data.
• Transmission security: Set standards for access controls, audit trails, event reporting, encryption and integrity controls.
• Maintain NATO Security Procedures that include:
  • Evaluation and compliance with security measures.
  • Disaster Recovery and Emergency operating procedures.
  • Security Incident Response and process protocols including Incident Reporting and Sanctions.
  • Testing of security procedures, mechanisms and measures.
• Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted classified data and protect against reasonably anticipated threats and hazards.
• Oversee and/or assist in performing on-going security monitoring of customers organization information systems including:
• Assess information security risk periodically.
• Conduct functionality and gap analyses in customers to determine extent to which key business areas and infrastructure comply with NATO statutory and regulatory requirements.
• Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy.
• Ensure compliance through adequate training/awareness programs and periodic security audits. These audits are both internal and external in nature.
• Manage and Monitor endpoints/systems security solutions, includes monitoring of systems and laptops for:
  • Patch management (SCCM).
  • Anti-virus management (DLP/EPO & McAfee).
  • Software updates (SCCM).
  • Usage of unlicensed and pirated software.
  • Incidents of policy violations as per information security policy.
  • Monitor of network needs for usage and misuse cases, as well as alerts when any mischief is detected in network; action and investigation will follow.
  • Incident report to NCIRC for investigation (after local investigation process be carried out).
• Operate regular inspections of systems and network processes for security updates as System/Network Security Officer.
• Support in elaboration of accreditation processes for several CIS systems under CSU responsibility area.
• Conduct audit process for initiating security and safety measures and strategies.
• Customize access to information per rules and necessity (user access services at Active Directory in NU, NS and MS networks).
• Manage COMSEC Team (Crypto Custodian, Crypto related equipment and Security Inspections at COMSEC area).
• Monitor CIS Security Service that covers and is limited to below Service Instances to customers at following levels, in coordination with COMSEC team:
  • TCE Configuration and monitoring.
  • TCE patch updates/maintenance.
  • NATO transmission security.
• Tempest installation survey.

Profile

• Required Security Clearance: NATO Secret
• Experience in performing accreditation processes, risk management and security architecture design. Participate, as required, in Security Accreditation/Approval meetings representing CSU Lisbon interests.
• Provide information risk assessment and risk management consulting to technology teams during planning, procurement, and implementation and operating phases of projects.
• Ensure that security configurations of NCI Agency CSU Lisbon supported systems are properly implemented, monitored, and reported.
• Work with businesses and technology teams to identify and coordinate deployment of appropriate compensating controls to address security and risk gaps (residual risk management).
• Assist technology teams in implementation of required security controls.
• Maintain security baseline settings and information for hardware and software items.
• Ensure compliance with applicable NATO security regulations and conditions of security approvals and/or accreditations.
• Remain current on emerging technology trends and associated information security issues surrounding them.
• Experience working within classified network environment;
• Practical experience in identifying appropriate computer security tools usable in classified environments, and implementing them to support system operations;
• Expertise in establishing and operating an effective intrusion detection system;
• Good knowledge of NATO INFOSEC Policy, Directive and Guidance or readiness to acquire this as soon as practicable after appointment;

Candidates must be eligible to work in the EU 

———

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.