Cyber Threat Intelligence Analyst Services (NATO-NCIA)

Brussels, Belgium, Sapienza Consulting [AAS-OCIO-0004]

Field(s) of expertise
Cyber Security Information Technology
Job type

About this job

Sapienza Consulting, a tpgroup company, is recruiting a Cyber Threat Intelligence Analyst Services for NATO – NCIA in Brussels, Belgium.


In providing Cyber Threat Intelligence Analyst services, the contractor will be responsible for identifying and tracking sophisticated cyber threat actors across a geopolitical region.

Specific tasks include:

  • Develop cyber threat profiles on targeted and advanced persistent threats through the use of open source and internal data
  • Measurement: Publication of planned and ad-hoc reports on threat actor campaigns, tradecraft, malware and infrastructure
  • Service provided throughout the term of the contract
  • Measurement: Present tactical and strategic intelligence about threat groups, the methodologies they use, and the motivations behind their activity
  • Service provided throughout the term of the contract
  • Produce threat hunting packages for internal network defenders to identify patterns of malicious cyber activity
  • Measurement: Ad-hoc publication of threat hunting guides based on emerging cyber threats
  • Service provided throughout the term of the contract
  • Use external commercial threat intelligence sources (internet scan data, passive DNS, domain registrant information, malware repositories) to track and model malicious cyber activity
  • Measurement: Query creation and tuning to identify emerging cyber threat activity related to assigned threat actors. Service provided throughout the term of the contract
  • Assess, cluster and link disparate activity into related intrusions & campaigns in internal threat analytics platform
  • Measurement: Merger or cross-correlation of intrusion sets into operations or campaigns within team’s internal threat analytics platform
  • Service provided throughout the term of the contract


  • Required Security Clearance: NATO Secret
  • A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience
  • Exceptionally, the lack of a university degree may be compensated by the demonstration of the service provider’s particular abilities or experience that is/are of interest to the OCIO; that is, at least 7 years extensive and progressive expertise in the tasks related to providing cyber threat intelligence analyst services


  • Expert level in at least three of the following areas and a high level of experience in the other areas:
  • Experience analysing and synthesizing threat intelligence in a high-speed environment
  • Experience producing actionable threat intelligence on targeted and advanced persistent adversaries enabling network and host defences in external organizations with demonstrable impact
  • Tracked at least two distinct cyber threat actors over a period of at least one year ascertaining and characterizing various TTPs, capabilities, infrastructure, and campaigns
  • Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
  • Strategic and doctrinal geo-political knowledge of specific regions
  • Experience with threat hunting, including deep knowledge of operating systems and windows internals


  • Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; windows and Linux system internals and experience threat hunting in Enterprise environments; and network forensics including common protocols and how those are used in adversary operations
  • Applied knowledge of a variety of adversary command and control methods and protocols.
  • Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools
  • Strong knowledge of malware families and network attack vectors
  • Ability to analyse attack vectors against a particular system to determine attack surface
  • Ability to produce contextual attack models applied to a scenario
  • Hands on experience on monitoring cloud service


If you are interested in applying then please click apply and one of the recruitment team will be in touch.

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement.

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.