Field(s) of expertise
About this job
We are recruiting an Engineer (Cyber Security) for Sapienza to work on our Customers Site (NATO NCIA) in Portugal.
- Lead in development/adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required NATO regulations and reports.
- Maintain NATO Security Policies. These are formal policies that detail and document actual mechanisms and controls and include at least following in AoR:
- Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
- Personnel Security: Monitor personnel access to sensitive information for which they have appropriate authority and clearance.
- Physical Safeguards: Assign security responsibilities, control access to media and controls in place against unauthorized access to workstations and related equipment.
- Technical Security: Set access and authorization controls for everyday operations as well as emergency procedures for data.
- Transmission security: Set standards for access controls, audit trails, event reporting, encryption and integrity controls.
- Maintain NATO Security Procedures that include:
- Evaluation and compliance with security measures.
- Disaster Recovery and Emergency operating procedures.
- Security Incident Response and process protocols including Incident Reporting and Sanctions.
- Testing of security procedures, mechanisms and measures.
- Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted classified data and protect against reasonably anticipated threats and hazards.
- Oversee and/or assist in performing on-going security monitoring of customers organization information systems including:
- Assess information security risk periodically.
- Conduct functionality and gap analyses in customers to determine extent to which key business areas and infrastructure comply with NATO statutory and regulatory requirements.
- Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy.
- Ensure compliance through adequate training/awareness programs and periodic security audits. These audits are both internal and external in nature.
- Manage and Monitor endpoints/systems security solutions, includes monitoring of systems and laptops for:
- Patch management (SCCM).
- Anti-virus management (DLP/EPO & McAfee).
- Software updates (SCCM).
- Usage of unlicensed and pirated software.
- Incidents of policy violations as per information security policy.
- Monitor of network needs for usage and misuse cases, as well as alerts when any mischief is detected in network; action and investigation will follow.
- Incident report to NCIRC for investigation (after local investigation process be carried out).
- Operate regular inspections of systems and network processes for security updates as System/Network Security Officer.
- Support in elaboration of accreditation processes for several CIS systems under CSU responsibility area.
- Conduct audit process for initiating security and safety measures and strategies.
- Customize access to information per rules and necessity (user access services at Active Directory in NU, NS and MS networks).
- Manage COMSEC Team (Crypto Custodian, Crypto related equipment and Security Inspections at COMSEC area).
- Monitor CIS Security Service that covers and is limited to below Service Instances to customers at following levels, in coordination with COMSEC team:
- TCE Configuration and monitoring.
- TCE patch updates/maintenance.
- NATO transmission security.
- Tempest installation survey.
- Required Security Clearance: NATO Secret
- Experience in performing accreditation processes, risk management and security architecture design. Participate, as required, in Security Accreditation/Approval meetings representing CSU Lisbon interests.
- Provide information risk assessment and risk management consulting to technology teams during planning, procurement, and implementation and operating phases of projects.
- Ensure that security configurations of NCI Agency CSU Lisbon supported systems are properly implemented, monitored, and reported.
- Work with businesses and technology teams to identify and coordinate deployment of appropriate compensating controls to address security and risk gaps (residual risk management).
- Assist technology teams in implementation of required security controls.
- Maintain security baseline settings and information for hardware and software items.
- Ensure compliance with applicable NATO security regulations and conditions of security approvals and/or accreditations.
- Remain current on emerging technology trends and associated information security issues surrounding them.
- Experience working within classified network environment;
- Practical experience in identifying appropriate computer security tools usable in classified environments, and implementing them to support system operations;
- Expertise in establishing and operating an effective intrusion detection system;
- Good knowledge of NATO INFOSEC Policy, Directive and Guidance or readiness to acquire this as soon as practicable after appointment;
Candidates must be eligible to work in the EU
For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.