Engineer (Cyber Security) (NATO NCIA)

Oeiras, Portugal, Sapienza Consulting [AAS-C001258 ]

Field(s) of expertise
Cyber Security
Job type

About this job

We are recruiting an Engineer (Cyber Security) for Sapienza to work on our Customers Site (NATO NCIA) in Portugal.


  • Lead in development/adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete annual review of required NATO regulations and reports.
  • Maintain NATO Security Policies. These are formal policies that detail and document actual mechanisms and controls and include at least following in AoR:
  • Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
  • Personnel Security: Monitor personnel access to sensitive information for which they have appropriate authority and clearance.
  • Physical Safeguards: Assign security responsibilities, control access to media and controls in place against unauthorized access to workstations and related equipment.
  • Technical Security: Set access and authorization controls for everyday operations as well as emergency procedures for data.
  • Transmission security: Set standards for access controls, audit trails, event reporting, encryption and integrity controls.
  • Maintain NATO Security Procedures that include:
    • Evaluation and compliance with security measures.
    • Disaster Recovery and Emergency operating procedures.
    • Security Incident Response and process protocols including Incident Reporting and Sanctions.
    • Testing of security procedures, mechanisms and measures.
  • Maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted classified data and protect against reasonably anticipated threats and hazards.
  • Oversee and/or assist in performing on-going security monitoring of customers organization information systems including:
  • Assess information security risk periodically.
  • Conduct functionality and gap analyses in customers to determine extent to which key business areas and infrastructure comply with NATO statutory and regulatory requirements.
  • Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy.
  • Ensure compliance through adequate training/awareness programs and periodic security audits. These audits are both internal and external in nature.
  • Manage and Monitor endpoints/systems security solutions, includes monitoring of systems and laptops for:
    • Patch management (SCCM).
    • Anti-virus management (DLP/EPO & McAfee).
    • Software updates (SCCM).
    • Usage of unlicensed and pirated software.
    • Incidents of policy violations as per information security policy.
    • Monitor of network needs for usage and misuse cases, as well as alerts when any mischief is detected in network; action and investigation will follow.
    • Incident report to NCIRC for investigation (after local investigation process be carried out).
  • Operate regular inspections of systems and network processes for security updates as System/Network Security Officer.
  • Support in elaboration of accreditation processes for several CIS systems under CSU responsibility area.
  • Conduct audit process for initiating security and safety measures and strategies.
  • Customize access to information per rules and necessity (user access services at Active Directory in NU, NS and MS networks).
  • Manage COMSEC Team (Crypto Custodian, Crypto related equipment and Security Inspections at COMSEC area).
  • Monitor CIS Security Service that covers and is limited to below Service Instances to customers at following levels, in coordination with COMSEC team:
    • TCE Configuration and monitoring.
    • TCE patch updates/maintenance.
    • NATO transmission security.
  • Tempest installation survey.


  • Required Security Clearance: NATO Secret
  • Experience in performing accreditation processes, risk management and security architecture design. Participate, as required, in Security Accreditation/Approval meetings representing CSU Lisbon interests.
  • Provide information risk assessment and risk management consulting to technology teams during planning, procurement, and implementation and operating phases of projects.
  • Ensure that security configurations of NCI Agency CSU Lisbon supported systems are properly implemented, monitored, and reported.
  • Work with businesses and technology teams to identify and coordinate deployment of appropriate compensating controls to address security and risk gaps (residual risk management).
  • Assist technology teams in implementation of required security controls.
  • Maintain security baseline settings and information for hardware and software items.
  • Ensure compliance with applicable NATO security regulations and conditions of security approvals and/or accreditations.
  • Remain current on emerging technology trends and associated information security issues surrounding them.
  • Experience working within classified network environment;
  • Practical experience in identifying appropriate computer security tools usable in classified environments, and implementing them to support system operations;
  • Expertise in establishing and operating an effective intrusion detection system;
  • Good knowledge of NATO INFOSEC Policy, Directive and Guidance or readiness to acquire this as soon as practicable after appointment;

Candidates must be eligible to work in the EU 


For information on how we process the personal data in your application, please see the Sapienza Privacy Statement here.

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.