Cyber Security Data Engineer – MISP

le contenu du travail

• Working Location: Mons, Belgium
• Security Clearance: NATO Secret
• Language: High proficiency level in English language
  

Experience And Education

Essential Qualifications/Experience:

• A Bachelors Degree in Computer Science combined with a minimum of 2 years experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience
• Excellent abilities in:
  

ü Software development/programming and code review

ü Writing and reviewing scripts, mostly in Python language

• 2 years demonstrable experience solely in web development in PHP and/or Python
• Very good technical understanding of the cyber threats to web-based products
• Demonstrated experience in:
  

ü Using API for data ingestion and tools integration

ü Linux/UNIX Systems administration, preferably with RedHat

ü Management and administration of SQL databases

ü Use of APIs for data ingestion and integration

• Understanding of service delivery management and service lifecycle
• Working knowledge of automation technologies (Ansible)
• Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications
  

Desirable Qualifications/Experience

• Prior experience in the use and administration of MISP (Malware Information Sharing Platform)
• Code contributions to MISP as open source project
• Previous experience in working in a Cyber Security field (CERTs, security office)
• Prior experience of working in an international environment comprising both military and civilian elements
• Experience with the technical management of Splunk as Enterprise SIEM
  

Duties/Role

• Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems
• Act as the Subject Matter Expert for MISP
• Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues
• Identify any upgrade requirements and implement new versions following relevant testing and internal change management process
• Proactively propose system and service improvements to provide effective and efficient service operations
• Implement approved changes following extensive tests in preproduction environment
• Deliver new and improve existing documentation on MISP service related processes, setup, integrations and customized scripting in the environment
• Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.)
• Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities
• Help in the organization of the MISP User Group (MUG) whenever required, supporting the internal MISP engineer
• Actively participate in the wider MISP community discussions to propose and review change proposals
• Support the MISP Lead engineer and Service Delivery Manager (SDM)in providing the metrics to be integrated into wider NCSC or NCIA products , delivering second and third line support for MISP users and supporting any Root Cause Analysis (RCA) requested
• Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensic.
• Perform technical co-ordination as required with NATO CIS authorities
• Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level
• Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools
• Produce technical reports and support the production of executive level reports
• Review security documentation and provide technical advice
• When required work autonomously and proactively
• Expected outcomes
• Under the direction of the STMS Section Head, MISP Lead Engineer or delegated authority, shall deliver the following:
• Daily:
  

ü Work in close collaboration with the MISP Service Delivery Manager (SDM) and the MISP Lead Engineer on assigned tasks and upcoming deliverables

ü Report on system status, results of the health checks and details on any issues identified

ü In case of any issues, preparation of a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day

ü Manage the ticket queue related to the tools under incumbents responsibility. The incumbent will respond to all Critical within the same day. High tickets require a response the next day the latest. All other tickets shall be updated at least once a week

• Weekly:
  

ü A brief summary of current situation with ongoing tickets. It shall include:

• any critical as well as system affecting high tickets
• any identified issues, already present or expected in the future
• Performance Standards
  

ü Timely delivery of the reports and briefs

ü The section head, SDM and/or team lead will regularly assess quality of the deliverables

ü The reports shall contain key elements such as date and time of system checks, expected outcome, observed situation

ü In case of reported issues provide details on 5W: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis)