C001867 - Snr Security Event Analyst Threat Hunting 2 (NS), Mons - FRI 26th

仕事内容

C001867 - Snr Security Event Analyst Threat Hunting 2 (NS), Mons - FRI 26th Nov

DEADLINE: Friday 26th November 2021
Equivalent NATO Grade: A/111
Work Location: Mons, BE
Full time on-site: Yes
Required Start Date: 03-JAN-2022

Total Scope of the request (hours): 1254

Specific Working Conditions: Normal Office Conditions

Required Security Clearance: NATO Secret
Requirement Title: Senior Security Event Analyst Threat Hunting 2
As Senior Security Event Analyst (SSEA), you will provide detailed analysis of logs and network traffic and making security event determinations on alarm severity delivering detailed investigation and remediation activities as member of NATO Cyber Security Centre in addition to implement and support threat hunting activities.

Main responsibilities:
 Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team
 Analyze firewall, IDS, anti-virus and other sensor produced system security events and present findings
 Provide detailed technical reports about incidents and capability improvements
 Share security event/incident information with stakeholders via presentations and technical reports
 Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations
 Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process
 Propose possible optimisations and enhancement which help to both maintain and improve NATO’s Cyber Security posture
 Implement threat hunting and create technical reports related to threat hunting activities when requested.
 Analyze intelligence information gathered from both internal and external threat intelligence resources.
 Create technical use case documantation for threat hunting.
 Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses when requested.
 Provide expert investigative support of large scale and complex security incidents.

Requirements:

• Required Security Clearance: Current NATO Secret already in place
• To be able to start at the required start date with full rights to live and work in Belgium
• University degree at nationally recognised/certified University in technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, lack of university degree may be compensated by demonstration of candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in the duties related to the function of post.
• Expert level in at least three of the following areas and high level of experience in several other areas: Security Incidents Event Management products (SIEM) – e.g. Splunk; Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire, Palo Alto Network Threat Prevention; Host Based Intrusion Detection Systems (HIDS); Full Packet Capture systems – e.g. Niksun, RSA/NetWitness; variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances); Computer forensics tools (stand alone, online and network); Computer incident response centre (CIRT), computer emergency response team (CERT); Computer security tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Virus, Protocol Analysis, Anti-Spyware, etc)
• Proficiency in Intrusion/Incident Detection and Handling
• Comprehensive knowledge of principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications
• Solid knowledge and experience in Splunk Enterprise Security suite. Exceptionally this requirement can be compensated with proven level of expertise in network analysis and threat hunting.
• Desirable
• Industry leading certification in the area of Cybersecurity such as GCIA, GNFA, GCIH.
• Good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to protection of CIS infrastructures.
• Solid understanding of Information Security Practices; relating to Confidentiality, Integrity and Availability of information (CIA triad)
• Solid knowledge and experience in threat hunting in corporate/government level environment
• Strong knowledge of malware families and network attack vectors
• Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across enterprise by combining security rules, content, policy and relevant datasets
• Ability to analyze attack vectors against a particular system to determine attack surface
• Ability to produce contextual attack models applied to a scenario

Benefits:
Required Security Clearance: NATO Secret

Job Type: Full-time