About this job

Sapienza Consulting is recruiting a Online Vulnerability Assessment (OVA) Senior Tool Analyst to join NATO – NCIA, at Mons, Belgium

Responsibilities

As Online Vulnerability Assessment (OVA) Senior Tool Analyst, the incumbent will be responsible for providing expertise in the area of continuous vulnerability management processes and vulnerability scanning

Main responsibilities:

• Install, deploy, update, monitor, maintain, configure, troubleshoot and keep in operational conditions the Online Vulnerability Assessment (VA) systems: vulnerability scanners, vulnerability management and reporting solutions
• Define, maintain, update advanced VA configurations, e.g. low performance impact VA scans, and audit files that implement specific hardening guides
• Perform Online Vulnerability Assessments of remote networks and interfaces on classified and unclassified networks, systems and applications
• Support NCI Agency customers in the process of vulnerabilities remediation
• Develop dashboards and reports that reflect vulnerability management program effectiveness and efficiency and Online VA systems availability and scans performance
• perform targeted historical analysis
• review historical trending data and recommend improvement opportunities
• produce metrics to be integrated into wider NCI Agency products that are being delivered up to NATO executive management level
• Compile, draft, review and deliver inputs on all aspects relevant to vulnerability data collection, vulnerability data analysis and reporting processes to ensure consistency with NATO policies and NCI Agency directives, and acts as technical expert for VA tools
• Develop NCI Agency specific Request for Change formal documentation, configure test of VA systems and provide support for conducting functional and security tests required by Change Management processes for having systems approved to be used on NCI Agency managed networks
• Maintain awareness of new technologies and developments, industry standards and best practices and threat intelligence within the wider IA community
• Provide required support for the selection of security tools

Profile

• Must have Bachelor’s Degree in Computer Science combined with minimum of 5 years’ experience in Vulnerability Assessment related post, or Secondary education and completed advanced vocational education (leading to professional qualification or professional accreditation) with 7 years post related experience
• Experience in COMPUSEC Vulnerability Assessment area, particularly in interpretation of results of CIS Technical Security Vulnerability Assessments
• Experience with Cyber Hygiene and top 20 Critical Security Controls for effective cyber defence
• Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications
• Experience in implementation and integration of CIS Security protective measures
• Knowledge of risk based Security Assessment of systems and networks
• Practical hands-on experience in system and network administration
• Demonstrable expert knowledge of Tenable Security Center and Tenable Nessus products
• Ability to investigate and analyse complex scenarios and solve problems in innovative ways
• Excellent communication abilities, both written and verbal, with ability to clearly and successfully articulate complex issues to variety of audiences and teams
• Must hold Security Clearance NATO Cosmic Top Secret
• Fluent business English; knowledge of another NATO member-state language is an asset

Desirable:

• Tenable Certified Nessus User, or Tenable Certified Nessus Auditor certifications
• Holding recognized professional qualification within Vulnerability Auditing field of expertise e.g. SANS AUD507
• A solid understanding of Information Security Practices; relating to Confidentiality, Integrity and Availability of information (CIA triad)
• Prior experience of working in international environment comprising both military and civilian elements

Candidates must be eligible to work in the EU

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement