Senior Incident Detection Analyst – Cloud Security (NATO-NCIA)

Mons, Belgium, Sapienza Consulting [C002162]

Field(s) of expertise
Information Technology
Job type

About this job

Sapienza Consulting, a tpgroup company, is recruiting a Senior Incident Detection Analyst – Cloud Security to join NATO – NCIA in Mons, Wallonia, Belgium.


As a Senior Incident Detection Analyst (Cloud Security), you will provide detailed analysis of logs and network traffic with a focus on cloud infrastructure. As part of your main responsibilities in this role, you will:

  • Analyse and respond to alerts originating from complex cloud infrastructure deployments and on-premise network and security devices
  • Identify security gaps in NATO cloud security infrastructure and develop custom detection content within cloud environments
  • Develop and maintain cloud-specific use cases in our on-premise SIEM solution (Splunk Enterprise Security)
  • Develop processes, create and maintain supporting documentation
  • Participate in threat hunting activites
  • Work towards automating repetitive tasks using our SOAR solution
  • Mentor less experienced members of the team
  • Be flexible and support your colleagues in securing NATO networks through ad hoc tasks


  • The candidate must have a NATO SECRET security clearance


Essential Skills:

  • A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 3 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 5 years extensive and progressive expertise in the duties related to the function of the post



  • At least two years of demonstrable experience in security monitoring and analysis of enterprise level cloud environments (AWS and/or Azure)
  • Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
  • Expertise in at least three of the following areas and a high level of experience in several of the other areas:
    • Security monitoring and analysis using a variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, EDR and AV)
    • Cloud architectures and technologies (AWS and/or Azure)
    • Managing security operations in public cloud services (AWS and/or Azure)
    • Microsoft Sentinel
    • AWS cloud security tools
    • Splunk ES suite and Splunk Seach Processing Language (SPL)
    • Phantom SOAR playbook development
    • Security use case development aligned to the MITRE ATT&CK Framework
    • Developing threat hunting hypothesis, conducting hunts and reporting on findings


Desirable Skills:

  • Industry leading certification in the area of Cybersecurity, such as GCIA, GPCS, GCLD, GNFA, GCIH, CCSP, GSFE, GCFA,GCED, OSCP
  • A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
  • Experience working with Full Packet Capture Systems e.g Niksun, RSA/NetWitness
  • Host Based Intrusion Detection systems (HIDS)
  • Experience with Network Based Intrusion Detection Systems (NIDS) – e.g SourceFire, Palo Alto Network Threat Prevention
  • Strong knowledge of malware families and network attack vectors
  • Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
  • Ability to analyse attack vectors against a particular system to determine attack surface

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.