About this job

Sapienza Consulting, a Serco company, is recruiting a NATO Secret cleared Cyber Threat Intelligence Analyst Services, to work on the AAS Project at NATO-NCIA, with work location in Brussels, Belgium.

Responsibilities

Duties & Role:

• Support with the development of a process, procedure and methodology to track cluster and link incident tickets together:
• Review, triage, assess, cluster and link historic events/incidents together based on ticket data. Assist in the prioritization of the development of threat hunt playbooks, based on observed and recurring activity. Liaise with NATO’s Incident Handling Officers to understand tickets and request more technical data when needed.
• Assess, cluster and link disparate activity into related intrusions & campaigns.

  Measurement: Merger or cross-correlation of intrusion sets into operations or campaigns.

• Support Enterprise risk and incident management activities

  Measurement: support information exchange with OCIO, based on cyber threat data analysis and trend information.

• Exploration of how above correlated information could be ingested and rendered in Enterprise tools used by the OCIO.

Profile

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance.
• A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of the service provider’s particular abilities or experience that is/are of interest to the OCIO; that is, at least 7 years extensive and progressive expertise in the tasks related to providing cyber threat intelligence analyst services.

Mandatory

• Advanced level in at least three of the following areas and a high level of experience in the other areas:
• Experience analysing and synthesizing security events and incidents in a high-speed environment.
• Knowledge and experience in analysis of incidents, attack patterns and tactics, techniques, and procedures (TTPs).
• Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools.
• Experience with threat hunting, including deep knowledge of operating systems and windows internals.
• Strong knowledge of malware families and network attack vectors

Desirable

• Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; windows and Linux system internals and experience threat hunting in Enterprise environments; and network forensics including common protocols and how those are used in adversary operations.
• Applied knowledge of a variety of adversary command and control methods and protocols.
• Ability to produce contextual attack models applied to a scenario.
• Experience working in a threat intelligence team.
• Knowledge of JIRA.

Candidates must be eligible to work at NATO-NCIA.