About this job

Sapienza Consulting is recruiting a 2nd Line Security Event Analyst Threat Hunting to join NATO – NCIA at Mons, Wallonia, Belgium

Responsibilities

• Conduct detailed investigation and research of security events within the NATO Cyber Security Centre (NCSC) team
• Analyze firewall, IDS, anti-virus and other sensor produced system security events and present findings
• Provide detailed technical reports about incidents and capability improvements
• Share security event/incident information with stakeholders via presentations and technical reports
• Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations
• Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process
• Propose possible optimizations and enhancements which help to both maintain and improve NATO’s Cyber Security posture
• Implement threat hunting and create technical reports related to threat hunting activities when requested
• Analyze intelligence information gathered from both internal and external threat intelligence resources.
• Create technical use case documentation for threat hunting
• Identify gaps in IT infrastructure by mimicking attackers’ behaviors and responses when requested.
• Provide expert investigative support of large-scale and complex security incidents.

Profile

• Required Security Clearance: NATO Secret
• Permits in place to live and work in Belgium
• University degree at nationally recognized/certified University in technical subject with substantial Information Technology (IT) content and 4 years of specific experience Exceptionally, lack of university degree may be compensated by demonstration of candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in duties related to the function of post
• Expert level in at least three of the following areas and high level of experience in several of the other areas:
• Security Incidents Event Management products (SIEM) – e.g. Splunk
• Network-Based Intrusion Detection Systems (NIDS) – e.g. SourceFire, Palo Alto Network Threat Prevention
• Host Based Intrusion Detection Systems (HIDS)
• Full Packet Capture systems – e.g. Niksun, RSA/NetWitness
• A variety of Security Event generating sources (e.g. Firewalls IDS, Routers, Security Appliances)
• Computer forensics tools (stand-alone, online and network)
• Computer incident response center (CIRT), computer emergency response team (CERT)
• Computer security tools (Vulnerability Assessment, Antivirus, Protocol Analysis, Protocol Analysis, Anti-Spyware, etc)
• Proficiency in Intrusion/Incident Detection and Handling
• Comprehensive knowledge of principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications
• Solid knowledge and experience in Splunk Enterprise Security suite. Exceptionally this requirement can be compensated with proven level of expertise in network analysis and threat hunting
• Desirable
• Industry-leading certification in areas of Cybersecurity such as GCIA, GNFA, GCIH
• Good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to protection of CIS infrastructures
• Solid understanding of Information Security Practices; relating to Confidentiality, Integrity and Availability of information (CIA triad)
• Solid knowledge and experience in threat hunting in corporate/government level environment
• Strong knowledge of malware families and network attack vectors
• Knowledge and experience in the analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTP), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
• Ability to analyze attack vectors against the particular system to determine the attack surface
• Ability to produce contextual attack models applied to the scenario
• Candidates must be eligible to work in the EU
  For information on how we process the personal data in your application, please see the Sapienza Privacy Statement