NOTE: Subject RFQ was relaunched for another round as the previously submitted candidates were found not compliant for the following reasons: 2 candidates: Lack of experience in penetration testing / adversary emulation; Already interviewed, interview showed a lack of understanding/experience in adversary emulation; Candidate interviewed, interview showed a lack of understanding/experience in adversary emulation
Deadline Date: Tuesday 20 February 2024
Requirement: Adversary Emulation Engineer
Location: Mons, BE
Full time on-site: Yes
Time On-Site: 100%
Total Scope of the request (hours): 1672
Required Start Date: 1 April 2024
End Contract Date: 31 December 2024
Required Security Clearance: NATO SECRET
Specific Working Conditions: Secure environment with standard working hours, except for up to 72 hours of non-standard working hours annually.
Duties and Role:
- Lead and/or be part of the Red/Purple Team during assessments;
- Develop and execute complex adversary emulation scenarios;
- Create custom scripts in Python to simulate attack activities;
- Utilize detections to improve the effectiveness of adversary emulation scenarios;
- Create and use custom tools to automate and optimize the adversary emulation process;
- Provide security design reviews to ensure compliance with company policies and directives;
- Provide security consultancy and advice to projects, plans, and other entities;
- Brief at both executive and technical levels on security reports and testing outcomes;
- Ensure proactive collaboration and coordination with internal and external stakeholders;
- Ensure compliance with IT security, risk and compliance principles;
- Respond to ad-hoc tasks given by the chain of command.
Deliverables:
The main deliverables will be:
- Provide an average of 139 hours/month working on-site, embedded in the NCSC Penetration Testing and Adversary Emulation Cell located in SHAPE, Casteau, Belgium.
- High-quality reports on the results of adversary emulation assessments as directed by Lead Engineer NCSC.
- Provide a variety of deliverables associated with any duty (described above).
- The service provider is expected to provide accurate and complete deliverables in accordance with internal processes.
- The service provider shall be responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA onboarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
- Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period.
- The service provider shall not be required to work on NCIA holidays.
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance
- The contracted individual will have at least 3 years post-related experience.
The required skillset for the contracted individual is:
- Proven experience in either penetration testing, red teaming or adversary emulation for at least 3 years
- Understanding of the principles of adversary emulation (red/purple teaming)
- Ability to develop and execute adversary emulation scenarios
- Understanding of tactics, techniques and procedures of threat actors based on MITRE ATT&CK Framework
- Ability to create and execute custom scripts to simulate attack activities
- Understanding of the various types of detections available (defence in depth)
- Knowledge of the latest security trends and best practices
- Ability to create and use custom tools to automate and optimize the adversary emulation process
- Knowledge of the principles of IT security, risk and compliance
- Experience with security testing tools and methodologies, such as fuzzing, static and dynamic application security testing, and penetration testing
- Knowledge in system and network administration of UNIX and Windows systems
- Use of penetration testing tools, techniques, and recognized testing methodologies
- Scripting skills in Python
- Technical knowledge in system and network security, authentication and security protocols, cryptography and application security
- Ability to evaluate risks and formulate mitigation plans
- Proven ability to write clear and structured technical reports including executive summary, technical findings and remediation