Second Line Security Event Analyst - Threat Hunter

工作内容

Working Location:
Mons, Belgium

Security Clearance:
NATO Cosmic Top Secret / DV

Language:
High proficiency level in English

language

EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
·

University degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of particular abilities or experience that is/are of interest to NCI Agency; that is, 7+ years extensive and progressive expertise in the duties

·

Expert level in 3+ of the following areas and a high level of experience in several of the other areas:

ü

Security Incidents Event Management products (SIEM) – e.g. Splunk

ü

Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire, Palo Alto Network Threat Prevention

ü

Host Based Intrusion Detection Systems (HIDS)

ü

Full Packet Capture systems – e.g. Niksun, RSA/NetWitness

ü

A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)

ü

Computer forensics tools (stand alone, online and network) Computer incident response centre (CIRT), computer emergency response team (CERT)

ü

Computer security tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Virus, Protocol Analysis, Anti-Spyware, etc)

·

Proficiency in Intrusion/Incident Detection and Handling, Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications

Desirable Qualifications/Experience:
Industry leading certification in the area of Cybersecurity such as GCIA, GNFA, GCIH

Solid knowledge and experience in Splunk Enterprise Security suite

A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures

A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)

Solid knowledge and experience in threat hunting in corporate/government level environment

Strong knowledge of malware families and network attack vectors Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets

Ability to analyze attack vectors against a particular system to determine attack surface

Ability to produce contextual attack models applied to a scenario

Experience in scripting languages

DUTIES/ROLE

Provide detailed analysis of logs and network traffic and making security event determinations on alarm severity delivering detailed investigation and remediation activities as member of the Cyber Security Service Line

Attend threat hunting activities as tasked by management

Implement threat hunting and create technical reports related to threat hunting activities when requested

Analyze intelligence information gathered from both internal and external threat intelligence resources

Create technical use case documentation for threat hunting

Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses when requested

Provide expert investigative support of large scale and complex security incidents

Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team

Analyze firewall, IDS, anti-virus and other sensor produced system security events and present findings

Provide detailed technical reports about incidents and capability improvements

Share security event/incident information with stakeholders via presentations and technical reports

Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity

Be able to recommend improvements to enable enhancing investigations

Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process

Propose possible optimisations and enhancement which help to both maintain and improve NATO’s Cyber Security posture