About this job

Sapienza Consulting is recruiting a Second Line Security Event Analyst to join NATO – NCIA, at Mons, Wallonia, Belgium.

Responsibilities

As Second Line Security Event Analyst (SLSEA), the incumbent will provide a detailed analysis of logs and network traffic. The role will involve determining the severity of security alerts through investigative analysis in addition to the following main responsibilities:

• Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team
• Analyse firewall, IDS, anti-virus and other sensor-produced system security events and present findings
• Provide detailed technical reports in support of incidents and capability improvements
• Share security event/incident information with stakeholders via presentations and technical reports
• Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc.) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations
• Propose possible optimisations and enhancements which help to maintain and improve NATO’s Cyber Security posture
• Implement and support threat hunting activities; create use cases and technical reports when requested
• Analyse intelligence information gathered from internal and external threat intelligence resources
• Identify security gaps in NATO infrastructure and develop custom content utilising available toolset
• Provide expert investigative support of large scale and complex security incidents
• Develop and maintain SOAR playbooks

Profile

• The candidate must have a currently active NATO SECRET security clearance
• A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience
• Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in the duties related to the function of the post

Mandatory:

Expert level in at least three of the following areas and a high level of experience in several of the other areas:

• Security Incidents Event Management products (SIEM) – e.g. Splunk
• Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire, Palo Alto Network Threat Prevention
• Host Based Intrusion Detection Systems (HIDS)
• Full Packet Capture systems – e.g. Niksun, RSA/NetWitness
• A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
• Computer incident response centre (CIRT), computer emergency response team (CERT)
• Cloud-specific security tools
• Splunk ES suite and Phantom SOAR
• Proficiency in Intrusion/Incident Detection and Handling
• Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
• Solid knowledge and experience in Splunk Enterprise Security suite. Exceptionally this requirement can be compensated with proven level of expertise in network analysis and threat hunting

Desirable:

• Industry leading certification in the area of Cybersecurity, such as GCIA, GNFA, GCIH
• A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures
• A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad)
• Solid knowledge and experience in threat hunting in corporate/government level environment
• Strong knowledge of malware families and network attack vectors