JTS/FAST Documentation Writer (NATO-NCIA)


Brussels, Belgium, Sapienza Consulting [2022-0098a]

Field(s) of expertise
Information Technology
Job type

About this job

Sapienza Consulting, a Serco company, is recruiting a NATO Secret cleared Cyber Threat Intelligence Analyst to work on the AAS Project at NATO-NCIA, with work location in Brussels, Belgium.


Duties & Role:

In providing Cyber Threat Intelligence Analyst services, the contractor will be responsible for tracking, reviewing and correlating (historic) events/incidents that are observed by NATO’s internal incident response team. Specific tasks include:

  • Support the development of a process, procedure and methodology to track, cluster and link incident tickets together; Measurement: A document that describes the process, procedure and methodology followed to assess, cluster and link incident response tickets.
  • Review, triage, assess, cluster and link historic events/incidents together based on ticket data. Assist in the prioritization of the development of threat hunt playbooks, based on observed and recurring activity. Liaise with NATO’s Incident Handling Officers to understand tickets and request more technical data when needed; Measurement: Report on incidents that show overlap, links, etc., describing why they are linked, why it matters, lessons that can be learned and how to defend against the type of activity.
  • Assess, cluster and link disparate activity into related intrusions & campaigns; Measurement: Merger or cross-correlation of intrusion sets into operations or campaigns.
  • Support Enterprise risk and incident management activities; Exploration of how the above correlated information could be ingested and rendered in Enterprise tools used by the OCIO.


Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance.
  • A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of the service provider’s particular abilities or experience that is/are of interest to the OCIO; that is, at least 7 years extensive and progressive expertise in the tasks related to providing cyber threat intelligence analyst services.


  • Advanced level in at least three of the following areas and a high level of experience in the other areas:
      • Experience analysing and synthesizing security events and incidents in a high-speed environment.
      • Knowledge and experience in analysis of incidents, attack patterns and tactics, techniques, and procedures (TTPs).
      • Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools.
      • Experience with threat hunting, including deep knowledge of operating systems and Windows internals.
      • Strong knowledge of malware families and network attack vectors.


  • Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; Windows and Linux system internals and experience threat hunting in Enterprise environments; and network forensics including common protocols and how those are used in adversary operations.
  • Applied knowledge of a variety of adversary command and control methods and protocols.
  • Ability to produce contextual attack models applied to a scenario.
  • Experience working in a threat intelligence team.
  • Knowledge of JIRA.

Candidates must be eligible to work at NATO-NCIA.

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.