ESS RSM Tool Manager 2 (SIEM) – NATO NCIA

Mons, Wallonia, Belgium, Sapienza Consulting [AAS2019-0065]

Field(s) of expertise
Cyber Security, Information Technology
Job type
Contract, Temporary
Education
Bachelor, Diploma, Master
Deadline
Closed

About this job

We are looking for a SIEM Engineer and Splunk expert with relevant and up-to-date experience in deploying and managing Splunk SIEM. Knowledge of VMware is required. Working knowledge of Linux and scripting (bash/python) is required (sysadmin level, not a developer). Knowledge of ArcSight is an asset.

This is a position within the NATO Communications and Information Agency (NCIA). Within NCIA, the Cyber Security Service Line (CS SL) provides scientific, technical, acquisition and sustainment support in the area of cybersecurity, throughout the lifecycle of NATO ICT. This post is within the CS Operations Branch (CS OPS), which delivers a wide range of services to prevent, detect, respond to and recover from cyber-attacks and incidents on NATO’s computer networks. The Technical Services Section of CS OPS provides specialised technical services including lifecycle management of cryptographic controlled items, operation and NATO-wide logistic support for cryptographic equipment, Identity Management Services (including NATO PKI systems) and specialised cybersecurity infrastructure (including Enterprise Gateway Security Services like firewalls, guard and diode solutions), applications and cybersecurity situational awareness knowledge building.

Responsibilities

With guidance from the Section Head, Technical Services or delegated authority, the incumbent will perform duties to support the Resolute Support Mission (RSM) such as:

  • Install, deploy, update, maintain, configure and keep in operational condition the Cyber Defence capabilities deployed to protect Resolute Support Mission operational networks in Afghanistan
  • Provide support to RSM users accessing CD systems such as Splunk and ensure appropriate RBAC is implemented and used for these users
  • In particular, the incumbent will configure, deploy and maintain the event log collection and correlation capability based on Splunk Enterprise
  • Develop and enhance existing interfaces and remote data feeds from RSM Cyber Defence capabilities to the NCIRC Security Information and Event Management system or other centrally managed NCIA capabilities
  • Ensure the level of security (Confidentiality, Integrity, and Availability) of Resolute Support Cyber Defence capabilities meets or exceeds the minimum security requirements defined by NATO security authorities
  • Act as an interface between Theatre Cyber Defence personnel, the NCIA CISAF project management team and NCIRC to ensure provided capabilities deliver the expected outcome to stakeholders
  • Act as Subject Matter Expert (SME) on Resolute Support Cyber Defence capabilities for change management and service delivery improvement proposals
  • Proactively recommend optimisations to Resolute Support Cyber Defence capabilities to provide effective and efficient service operations
  • Produce metrics to be integrated into wider CSSL or NCIA products that are being delivered up to NATO executive management level and Theatre
  • Take initiatives in the area of responsibility and support other objectives

Profile

  • REQUIRED SECURITY CLEARANCE: NATO SECRET
  • University degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 2 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of the candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 10 years of extensive and progressive expertise in duties related to the function of the post
  • Very good knowledge in managing Enterprise-wide Security Incident and Event Management (SIEM) based on Splunk Enterprise
  • Good knowledge of the virtual environment based on VMware infrastructure
  • Demonstrated experience in using APIs for data ingestion and tools integration
  • Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat
  • Demonstrated experience in management and administration of SQL databases
  • Understanding of service delivery management and service lifecycle

Desirable Experience and Education:

  • Demonstrated experience in scripting in PowerShell or Python
  • Demonstrated experience in working with the following products: Micro Focus ArcSight, RSA NetWitness, Cisco Sourcefire, OpenText EnCase
  • Previous experience in working in the Cyber Security field (CERTs, security office, etc.)
  • Professional certifications on Splunk Enterprise

Candidates must be eligible to work in the EU

Please send your CV (in English) as soon as possible to jobs@sapienzaconsulting.com

For information on how we process the personal data in your application, please see the Sapienza Privacy Statement

For information on how the personal data in your application is processed, please see the Sapienza Consulting Privacy Policy.