NATOIS-0001 Cybersecurity Data Scientist (NS) - WED 20 Jul

Deadline Date: Wednesday 20 July 2022

Requirement: Cybersecurity Data Scientist

Location: Brussels, BE

Full time on-site: No

NATO Grade: G17/132

Total Scope of the request (hours): 880 (2023 Option: 2080)

Required Start Date: 8 August 2022 (Flexible)

End Contract Date: 31 December 2022

Required Security Clearance: NATO SECRET

Duties and Role:

1. INTRODUCTION

The Cyber Threat Analysis Branch is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting edge technologies to support and enhance the Alliance leaderships’ understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting.

The contractor will support the work of the Cyber Threat Analysis Branch and help the development of automating cyber threat discovery and trend analysis by applying data science techniques and models.

2. TASKS

To provide Cyber Threat Data Science services, the contractor will be responsible for supporting threat intelligence analysis by creating tools and performing net flow analysis to enable identifying and tracking sophisticated threat actors. Specific tasks include:

2.1 Develop and implement data science tooling, infrastructure and training, enabling CTAB to exploit existing internal and external data sources through best-practice data science methods.

2.2 Develop prototypes and concepts support the initial operating capability of CTAB’s contribution to NATO’s Artificial Intelligence (AI) Strategy.

2.3 Develop and implement Data Science, Artificial Intelligence (AI) and other forms of advanced analytics to support (a) network defence operations and (b) operational analysis of cyber threats.

4. LOCATION

The work will be mostly off site; travel to the NATO HQ offices in Brussels, Belgium will be required periodically. The expected travel would be every 12 weeks for a period of 3-5 days (no more than five days within a three-month period is foreseen).

5. TIMELINES

The services of the contractor are required for the period starting 8 August 2022 until 31 December, 2023. An earlier start date is possible, if feasible for the contractor if mutually agreed. Future contract extensions are subject to performance of the contractor and related NATO regulations.

6. SPECIFIC WORKING CONDITIONS

Secure environment with standard working hours, with the exception of working in non-standard working hours up to 360 hours annually.

In addition, it may exceptionally be required to work non-standard hours in support of a major Cyber Incident, or on a shift system for a limited period of time due to urgent operational needs.

7. TRAVEL

No travel is required, except as stated in article 4 above.

8. SECURITY AND NON-DISCLOSURE AGREEMENT

The contracted individual must be in possession or capable of possessing a security clearance of NATO Secret.

A signed Non-Disclosure Agreement will be required.

Annex A – Special Terms and Conditions

The contractor will be responsible for complying with the respective national requirements for working permits, visas, taxes social security etc. whilst working on site at NATO HQ- Brussels, Belgium.

No special status is either conferred or implied by the host organisation, NATO HQ- Brussels, Belgium on to the contractor whilst working on site.

The contractor will be responsible for complying with all the respective National Health COVID-19 regulations for quarantine on arrival in Belgium before taking up the position.

Requirements

3. PROFILE

• The candidate has a NATO SECRET security clearance
• A university degree from a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a contractor’s particular abilities or experience that is/are of interest to CTAB; that is, at least 7 years extensive and progressive expertise in the tasks related to the function of the cyber security threat research.

Mandatory

Expert level in the following areas and a high level of experience in the other areas:

• Deep experience and knowledge in data science and how to apply it in the domain of cyber defence and threat analysis;
• Experience in the field of cyber defence;
• Thorough knowledge of Linux (Debian based) Operating Systems;
• Knowledge of AWS cloud environments and the tooling available;
• Expertise in Python coding and Jupyter notebooks;
• Expertise in data modelling and graph databases;

Desirable

• Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; host and log forensics including methods of data collection and analytic techniques.
• Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools.
• Experience with Vertex Synapse and Storm data language strongly preferred.