Second Line Security Event Analyst (NATO-NCIA)

Mons, Belgium, Sapienza Consulting [C002337]

Field(s) of expertise
Information Technology
Job type

About this job

Sapienza Consulting is recruiting a Second Line Security Event Analyst to join NATO – NCIA, at Mons, Wallonia, Belgium.


As Second Line Security Event Analyst (SLSEA), the incumbent will provide a detailed analysis of logs and network traffic. The role will involve determining the severity of security alerts through investigative analysis in addition to the following main responsibilities:

  • Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team
  • Analyse firewall, IDS, anti-virus and other sensor-produced system security events and present findings
  • Provide detailed technical reports in support of incidents and capability improvements
  • Share security event/incident information with stakeholders via presentations and technical reports
  • Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc.) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations
  • Propose possible optimisations and enhancements which help to maintain and improve NATO’s Cyber Security posture
  • Implement and support threat hunting activities; create use cases and technical reports when requested
  • Analyse intelligence information gathered from internal and external threat intelligence resources
  • Identify security gaps in NATO infrastructure and develop custom content utilising available toolset
  • Provide expert investigative support of large scale and complex security incidents
  • Develop and maintain SOAR playbooks


  • The candidate must have a currently active NATO SECRET security clearance
  • A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience
  • Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in the duties related to the function of the post



Expert level in at least three of the following areas and a high level of experience in several of the other areas:

  • Security Incidents Event Management products (SIEM) – e.g. Splunk
  • Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire, Palo Alto Network Threat Prevention
  • Host Based Intrusion Detection Systems (HIDS)
  • Full Packet Capture systems – e.g. Niksun, RSA/NetWitness
  • A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
  • Computer incident response centre (CIRT), computer emergency response team (CERT)
  • Cloud-specific security tools
  • Splunk ES suite and Phantom SOAR
  • Proficiency in Intrusion/Incident Detection and Handling
  • Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
  • Solid knowledge and experience in Splunk Enterprise Security suite. Exceptionally this requirement can be compensated with proven level of expertise in network analysis and threat hunting



  • Industry leading certification in the area of Cybersecurity, such as GCIA, GNFA, GCIH
  • A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures
  • A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
  • Solid knowledge and experience in threat hunting in corporate/government level environment
  • Strong knowledge of malware families and network attack vectors

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.