This RFQ is relaunched in all its entirety as previously submitted candidates were technically non-compliant for following reasons:
- they do not possess required knowledge level for role
- have limited experience in analyst roles
- have a network engineering background, not Security Event Analyst
Deadline Date: Thu 15th April 2021
Equivalent NATO Grade: A/113
Work Location: Mons, BE
Full time on-site: Yes
Required Start Date: 24-MAY-2021
Total Scope of the request (hours): 418
Required Security Clearance: NATO Secret
Senior Security Event Analyst (Magellan)
As Second Line Security Event Analyst (SLSEA), the incumbent will provide detailed analysis of logs and network traffic and making security event determinations on alarm severity delivering detailed investigation and remediation activities as member of the Cyber Security Service Line.
Main responsibilities:
- Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team
- Analyse firewall, IDS, anti-virus and other network sensor produced system security events and present findings
- Provide detailed technical reports about incidents and capability improvements
- Share security event/incident information with stakeholders via presentations and technical reports
- Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations
- Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process
- Propose possible optimisations and enhancement which help to both maintain and improve NATO's Cyber Security posture
- Conduct technical reports and presentations regarding his area of responsibility
Requirements
- Required Security Clearance: NATO Secret
- University degree at nationally recognised/certified University in technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, lack of university degree may be compensated by demonstration of candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in duties related to function of post.
- Expert level in at least three of following areas and high level of experience in several of other areas:
- Security Incidents Event Management products (SIEM) e.g. Splunk
- Network Based Intrusion Detection Systems (NIDS) e.g. SourceFire, Palo Alto Network Threat Prevention
- Host Based Intrusion Detection Systems (HIDS)
- Full Packet Capture systems e.g. Niksun, RSA/NetWitness
- Variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
- Computer forensics tools (stand alone, online and network)
- Computer incident response centre (CIRT), computer emergency response team (CERT)
- Computer security tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Virus, Protocol Analysis, Anti-Spyware, etc)
- Proficiency in Intrusion/Incident Detection and Handling
- Comprehensive knowledge of principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications
- Desirable
- Industry leading certification in area of Cybersecurity such as GCIA, GNFA, GCIH
- Solid knowledge and experience in Splunk Enterprise Security suite
- Good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to protection of CIS infrastructures
- Solid knowledge and experience in monitoring threats in a cloud environment
- Solid understanding of Information Security Practices; relating to Confidentiality, Integrity and Availability of information (CIA triad)
Benefits
Required Security Clearance: NATO Secret