About this job

As Incident Handling Officer dedicated to interaction with NATO Partners (Industry, non-NATO Nations, NGOs etc) embedded within NCIRC working environment, successful candidate will be required to use their knowledge and experience to work on Cyber Security Incident Handling and Reporting with emphasis on post-Incident Analysis

– Their role will involve fusing Cyber Threat Intelligence & Analysis from all relevant sources currently available to NCIRC for redistribution based on existing MoUs, Technical Agreements and Industry Partnership Agreements.

– The incumbent will also be in charge of engaging with NATO Cyber Threat Intelligence Stake Holders to improve quantity / quality of information exchanged.

– The incumbent will maintain the content of existing information sharing platforms (i.e MISP) as well as propose improvements.

– He will foster and maintain an active information sharing relationship with CSSL partners and contributes to CSSL products.

Responsibilities

• Collation/Analysis of Cyber Threats Intelligence.
• Dissemination of Cyber Threat Analysis to appropriate audiences.
• Pro-active engagement with Cyber Threat Intelligence Community both internal / external to NATO.
• Monthly reporting on approved KPls for Cyber Threat Intelligence sources.
• Creation/maintenance of Standard Operating Procedures (SOPs) to support all aspects of their role.
• Monthly reporting to both the Customer and Business Stake Holders.
• Ad-hoc taskings from the Incident Management Section (IMS) in support to investigations.
• Improvement of NCIR CTC processes for receiving, searching, analysing and storing cyber threat data.
• Design/maintain/improve an automatic Cyber Threat sharing capability.
• Regular, at least monthly, Knowledge Transfer meetings with appropriate Stake Holders focusing on:
  • Key Cyber Security Threats, particularly those that may have an impact on NATO, Significant Cyber Security Incidents including relevant post-Incident Analysis.
  • Improvements to the Cyber Security processes currently in use within NCIRC TC IMS Cyber Security Incident Trends.

Profile

• Required Security Clearance: NATO Secret
• Significant demonstrable experience in Cyber Security related environment, with emphasis on both event analysis and post-Incident Management.
• Experience in liaising at both the technical and managerial level in successful resolution of Cyber Security Incidents, incumbent must have excellent written and spoken communication skills.
• Experience in producing accurate and meaningful reports, both technical and managerial, on activities related to Cyber Security Incidents.
• If candidate has RELEVANT degree (e.g. Computer Security), this counts towards equivalence for demonstrable experience, however irrespective of candidate’s education, some hands on experience within equivalent role is required.
• Essential to have one or more professional SANS (e.g., GSEC, GCIA) and/or CISSP and/or CISM Certifications.
• Senior level of management and analysis of (i.e. Security Event Analyst experience) Cyber Security Incidents, and/or configuration, operation, troubleshooting and management (i.e. Tools Specialist) in at least one of following areas, and a high level of experience in several other areas: ArcSight products, Network Based Intrusion Detection Systems (NIDS), Host Based Intrusion Detection Systems (HIDS), Network security appliances and networking devices and associated management software.
• Variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances), Computer Incident Response Centre (CIRC), Computer Emergency Response Team (CERT), Computer Forensics Tools (stand alone, online and network).
• Computer Security Tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Virus. Protocol Analysis, Anti-Spyware, etc.)
• Secure web design and development.
• Military communication systems and networks.
• Network, system and application level troubleshooting techniques.
• Ability to effectively manage own workload in a high tempo environment to Time, Quality and Standards.
• Ability to effectively communicate technical solutions to various audiences, both technical/non-technical.
• Be self-motivated and driven to follow-up Cyber Security Incidents to their logical conclusion.
• Ability to work in an International environment embedded in the Customer’s location in mainland Europe.