This is the relaunch of SC2020/001041 with some changes in the SoW and an increased NTE. Previous candidates were non-compliant for the following reasons: lack of security event analyst experience; candidate recently interviewed for another role and is not suitable for this position.
DEADLINE: Thursday 22nd April 2021
Total Scope of request: 330 hours
Duty Location: Mons, Belgium
Full time on-site: Yes
Start Date: 1 Jun 2021
Required Security Clearance: NATO Secret
Equivalent NATO Grade: B/78
Cyber Security Event Analyst (RSM)
This contractor will fill the cyber security event analyst position required for networks in the NATO Cyber Security Centre's Area of Responsibility, including RSM (Resolute Support Mission).
Duties:
- Perform analysis of security events and support First Line Security Event Analysts.
- Perform ticket reviews.
- Retrieve Full Packet Captures (FPC) and support their analysis.
- Create signatures, e.g. SNORT rules.
- Test and evaluate signatures and rules prior to deployment in the operational environment.
- Evaluate and implement sensor tuning requests.
- Create and update Standard Operating Procedures (SOPs) and Security Policies.
- Contribute to the proper configuration of the Afghan Mission Network (AMN).
- Provide, as requested, technical support to forensics investigations.
- Carry out ad-hoc tasking from the Monitoring Detection Section (MDS) in support of investigations.
- Write scripts to automate repetitive tasks and have the knowledge to interact with APIs.
- Conduct and direct the technical aspects of trend and threat analysis in order to optimise sensors and to propose modifications to audit policies to NATO security authorities.
- Analyse and interpret advisories from national and non-government CERTs for their relevance to NATO CIS, and develop the associated signatures and event correlation.
- Conduct online research, such as developing new methods of detecting and monitoring new threats, and keep abreast of developments in the cyber arena.
- Review and refine event analysis processes in order to optimise sensor configuration and correlation capabilities.
Requirements
- Required Security Clearance: NATO Secret
- Experience in analysing events of interest using network and endpoint data sources
- Experience in at least three of the following areas and a high level of experience in several of the others:
  - Security Information and Event Management (SIEM) products, e.g. ArcSight, Splunk
  - Network-Based Intrusion Detection Systems (NIDS), e.g. SourceFire
  - Full Packet Capture systems, e.g. RSA / NetWitness
  - Host-Based Intrusion Detection Systems (HIDS)
  - Configuration, operation, troubleshooting and management (i.e. Tools Specialist) of security tools and appliances
  - A variety of security event generating sources (e.g. firewalls, IDS, routers, security appliances)
  - Computer forensics tools (standalone, online and network)
Desirable
- Proficiency in intrusion / incident detection and handling
- One or more professional SANS certifications
- Experience in writing scripts to automate repetitive tasks