3045 Security Accreditation SME

仕事内容

Required Security Clearance: NATO SECRET

SCOPE OF WORK

Identified Activities Will Be Performed Under The Direction / Guidance Of The NCSC Point Of Contact (PoC), And The Contractor Will Be a Member Of The NCSC Team. The Breakdown Of Requested Activities Is The Following

General

• Support Communication Information Systems (CIS) Security assurance of all REACH services.
• Contribute to the enforcement of NATO Policy, Agency Directives and Standard Operating Procedures (SOPs).
• Liaise with all stakeholders to provide operational CIS security support to all REACH services.
• Provide subject matter expert knowledge to assist REACH accreditation process.
• Support information security processes for REACH CIS within the Agency, both for internal operations and for Agency’s customer-funded networks.
• Contribute to the resolution of security requirement conflicts and collaborate with Project Managers (PM), Service Delivery Managers (SDM) and engineers to appropriately convert customer requirements into secure services.
• Coordinate with systems administrators in support of security architecture requirements.
• Identify cyber security-related Key Performance Indicators (KPI) and generate reports to ensure full visibility of all REACH CIS.
• In coordination with NCSC Accreditation Support Office, support all phases of security accreditation processes required to maintain operation status.
  
  

Information Security

• Communicate security risks and issues to business managers and others.
• Perform basic risk assessments for large scale enterprise information systems.
• Contribute to the identification of risks that arise from potential technical solution architectures.
• Suggest alternate solutions or countermeasures to mitigate risks.
• Support investigation of suspected attacks and security breaches.
  
  

Information Assurance

• Follow standard approaches for the technical assessment of information systems against information assurance policies and business objectives.
• Recognize decisions that are beyond their scope and responsibility level and escalates according.
• Review and performs risk assessments and risk treatment plans.
• Identify typical risk indicators and explains prevention measures.
  
  

Vulnerability Management

• Execute Vulnerability Management duties, based on the Security findings reported from the assessment campaigns. This includes Validating the severity of discovered vulnerabilities; Contextualizing the vulnerabilities in the light of NATO policies and best practices; Determining possible remediation and mitigation measures; Defining / Assigning priorities; Contacting and liaising with relevant system owners and proposing a remediation plan; Track and trace all remediation actions and report to the relevant stakeholders.
• Collect and consolidate the vulnerabilities discovered with the assessment services.
• Support NCIA CIS Support Units and other NATO entities and customers in the process of vulnerability remediation.
• Compile draft, review, develop, and provide input on all relevant aspects relating to vulnerability management and mitigation process in NATO CIS.
• Brief at both executive and technical levels on Vulnerability Management reports and mitigations status, including at flag officer level.
  
  

Specialist Advice

• Provide security consultancy and advice to projects, plans and teams.
  
  

Skill, Knowledge & Experience

The contractor who is going to deliver the identified services as an SME of REACH Accreditation Support must have demonstrated skills, knowledge and experience listed below.

Education, Experience And Training (Essential)

• A minimum requirement of a bachelor’s degree at a nationally recognized/certified University in a related discipline and 2 years post-related experience.
• Or exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCIA, that is, at least 6 years extensive and progressive expertise in duties related to the function of the post.
  
  

Technical Skills (Essential):

• Several years of experience (at least two years) with system security, security architecture, network security engineering, and security governance including policy alignment, risk management, performance management and value delivery.
• Minimum 5 years proven experience in CIS Security.
• Minimum 5 years proven experience in modern CIS secure deployment and configuration troubleshooting.
• Minimum 2 years of extensive experience in the contextual interpretation of Vulnerability Assessments results.
• Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience.
• Proven minimum 5 years professional experience and knowledge in at least three of the following:
• Implementation and integration of Information Assurance protective measures.
• Security mechanisms and administration of LAN and WAN in the large enterprise environment.
• Private and public cloud security.
• Enterprise system administration experience of Windows Active Directory concepts and architecture.
• Enterprise system administration experience of VMWare vSphere environment and architecture, with emphasis on security concepts design and implementation.
  
  

Technical Skills (Desirable):

• AWS Certified Cloud Practitioner, Certificate of Cloud Security Knowledge, or other cloud/cloud security certifications.
• ISSACA CISM, and/or ISC2 CISSP, CCSP Certification.
• Good knowledge of containerized micro services and applications, Kubernetes, Docker, etc.,
• Good knowledge of main public cloud ecosystems.
• Good knowledge and exposure to cloud standards, architecture, and models.
• Knowledge of industry standard DevSecOps tools and frameworks.
• Knowledge of cloud networking architecture, cloud operations, security, automation, and orchestration.
• Excellent knowledge of, and experience using, common security tools Tenable Nessus, NMAP, Tanium endpoint management, Microsoft Defender, Trelix ePO etc..
• Knowledge of common MS and Linux updating and patching systems.
• Knowledge of common IT security frameworks and governance models.
• Knowledge of CVSS V2 and V3.
• Knowledge of NATO responsibilities and organization to include NATO Security Policy and supporting directives.
• Understanding of Cyber issues within NATO or NATO member nation environment.
• Prior experience of working in an international environment comprising both military and civilian elements.
• Knowledge of NATO responsibilities and organization, including ACO and ACT.
• Knowledge about risk management related to Artificial Intelligence tools and developments and its impact on cyber security.
  
  

Automation Skills

• Proficiency in automation to create workflows and automate repetitive processes with minimum 2 year experience.
• Ability to identify and implement automation opportunities to enhance efficiency.
  
  

Communication And Interpersonal Skills

• Excellent verbal and written communication skills.
• Full proficiency in English.
• Ability to communicate technical information to non-technical users in a clear and concise manner.
• Ability to communicate effectively orally, using tact and diplomacy, and in writing with effective briefing skills.
  
  

Customer Service Orientation

• Strong customer service focus with a commitment to user satisfaction.
• Patience and empathy when dealing with user issues and concerns.
  
  

Organizational Skills

• Ability to manage and to prioritize tasks effectively.
• Attention to detail in documenting support activities and maintaining accurate records.
  
  

Team Collaboration

• Ability to work effectively as part of a team and share knowledge and resources.
• Willingness to collaborate with colleagues to solve complex issues.
  
  

Others

• The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
• The candidate must have the nationality of one of the NATO nations.
  
  

Desirable

The candidate should also ideally have knowledge and experience in the following areas:

• Experience in working with NATO.
• Experience of working with NATO Communications and Information Agency.
• Experience of working with national Defense or Government entities.
  
  

This is a condensed version of the job description. A full, detailed job description will be provided during the application process.