OCIO-0007 Cyber Threat Intelligence Analyst Services (NS) - MON 3 Oct
Brussels, Brussels, Belgium
Deadline Date: Monday 3 October 2022
Requirement: Cyber Threat Intelligence Analyst Services
Location: Brussels, BE
Full time on-site: Yes
NATO Grade: G12/75
Total Scope of the request (hours): 440
Required Start Date: 31 October 2022
End Contract Date: 31 December 2022
Required Security Clearance: NATO SECRET
The NATO Office of the Chief Information Officer (OCIO) is responsible for Cyber Defence for the NATO Enterprise. The OCIO has been tasked to increase NATO's Cyber Defence posture. As part of this initiative, the OCIO plans to enhance the ability of NATO's Cyber Threat Analysis Branch (CTAB) within the Joint Intelligence & Security Division to provide the quantity and quality of cyber intelligence products required by the NATO Enterprise. The contractor will work for the OCIO but will be located with CTAB.
The Cyber Threat Analysis Branch is responsible for providing evidence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. The multidisciplinary team combines all-source data with cutting-edge technologies to support and enhance the Alliance leadership's understanding of the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyberspace and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting.
The contractor will support the work of the OCIO and the Cyber Threat Analysis Branch by reviewing and analysing past incidents and deriving insights on trends and possible threat actor attack patterns targeting NATO.
In providing Cyber Threat Intelligence Analyst services, the contractor will be responsible for tracking, reviewing and correlating (historic) events/incidents that are observed by NATO’s internal incident response team. Specific tasks include:
2.1 Support the development of a process, procedure and methodology to track, cluster and link incident tickets together:
Measurement: A document that describes the process, procedure and methodology followed to assess, cluster and link incident response tickets.
2.2 Review, triage, assess, cluster and link historic events/incidents together based on ticket data. Assist in the prioritization of the development of threat hunt playbooks, based on observed and recurring activity. Liaise with NATO’s Incident Handling Officers to understand tickets and request more technical data when needed.
Measurement: Report on incidents that overlap or are linked, describing why they are linked, why it matters, the lessons that can be learned and how to defend against that type of activity.
2.3 Assess, cluster and link disparate activity into related intrusions & campaigns.
Measurement: Merger or cross-correlation of intrusion sets into operations or campaigns.
2.4 Support Enterprise risk and incident management activities:
Measurement: Support information exchange with the OCIO, based on cyber threat data analysis and trend information.
Exploration of how the above correlated information could be ingested and rendered in Enterprise tools used by the OCIO.
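Tasks 2.2 and 2.3 come down to one mechanical core: deciding when two tickets belong together and recording why, so that the resulting clusters can be written up and later fed into other tools. The following is an added illustration of that core, not code from NATO, the OCIO or CTAB, and the ticket data in it is constructed for the example. It assumes each ticket has already been reduced to a set of observed indicators (hashes, domains, IPs) and a set of ATT&CK technique IDs, links two tickets on any shared indicator or on at least two shared techniques (thresholds chosen for the example), merges the links into clusters with union-find, and keeps the link reasons so the report can say why each pair was joined:

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Ticket:
    ticket_id: str
    indicators: Set[str]   # atomic observables: hashes, domains, IPs
    techniques: Set[str]   # ATT&CK technique IDs observed in the ticket


# Constructed sample tickets for the example (not real incident data).
SAMPLE_TICKETS: List[Ticket] = [
    Ticket("INC-1001", {"hash:a1b2c3", "evil-update.example"}, {"T1566.001", "T1204.002"}),
    Ticket("INC-1002", {"evil-update.example", "203.0.113.7"}, {"T1071.001", "T1105"}),
    Ticket("INC-1003", {"hash:d4e5f6"}, {"T1566.001", "T1204.002", "T1059.001"}),
    Ticket("INC-1004", {"198.51.100.9"}, {"T1021.002"}),
    Ticket("INC-1005", {"203.0.113.7"}, {"T1071.001"}),
]

Link = Tuple[str, str, str]  # (ticket a, ticket b, reason)


def find_links(tickets: List[Ticket], min_shared_techniques: int = 2) -> List[Link]:
    """Pairwise linking rule: a shared indicator is a strong link on its own;
    otherwise require at least min_shared_techniques shared TTPs, because a
    single common technique (e.g. phishing) is too generic to imply one actor."""
    links: List[Link] = []
    for i, a in enumerate(tickets):
        for b in tickets[i + 1:]:
            shared_ioc = a.indicators & b.indicators
            shared_ttp = a.techniques & b.techniques
            if shared_ioc:
                reason = "shared indicator(s): " + ", ".join(sorted(shared_ioc))
            elif len(shared_ttp) >= min_shared_techniques:
                reason = "shared TTPs: " + ", ".join(sorted(shared_ttp))
            else:
                continue
            links.append((a.ticket_id, b.ticket_id, reason))
    return links


def cluster_tickets(tickets: List[Ticket], min_shared_techniques: int = 2) -> List[List[str]]:
    """Merge pairwise links transitively with union-find; each resulting group
    is a candidate intrusion set for analyst review."""
    parent: Dict[str, str] = {t.ticket_id: t.ticket_id for t in tickets}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b, _ in find_links(tickets, min_shared_techniques):
        parent[find(a)] = find(b)

    groups: Dict[str, Set[str]] = defaultdict(set)
    for t in tickets:
        groups[find(t.ticket_id)].add(t.ticket_id)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def link_report(tickets: List[Ticket]) -> List[str]:
    """One line per cluster plus one line per link, i.e. the 'why they are
    linked' part of the deliverable; singletons are listed so nothing is lost."""
    links = find_links(tickets)
    lines: List[str] = []
    for group in cluster_tickets(tickets):
        lines.append("cluster: " + ", ".join(group))
        for a, b, reason in links:
            if a in group:
                lines.append(f"  {a} <-> {b}: {reason}")
    return lines


if __name__ == "__main__":
    for line in link_report(SAMPLE_TICKETS):
        print(line)
```

On the constructed data this yields one cluster of four tickets (joined through a shared domain, a shared IP and two shared techniques) and one singleton. The thresholds are the part an analyst has to own: an indicator that is really shared infrastructure (a CDN address, a commodity tool hash) will pull unrelated tickets into one cluster, which is why every link carries its reason and why the posting asks for the linking rationale in the report rather than just the grouping.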
The services will be provided on site at the NATO HQ offices in Brussels, Belgium.
The services of the contractor are to be provided in the period from 31 October 2022 until 31 December 2022. An earlier start date is possible, if feasible for the contractor.
Under the current framework contract, a contract extension is possible for the calendar year 2023. In any case, future contract extensions are subject to the performance of the contractor and the related NATO regulations.
6. SPECIFIC WORKING CONDITIONS
Secure environment with standard working hours; non-standard working hours may be required for up to 360 hours annually.
In addition, it may exceptionally be required to work non-standard hours in support of a major Cyber Incident or on a shift system for a limited period due to urgent operational needs.
No travel is required.
8. SECURITY AND NON-DISCLOSURE AGREEMENT
The contracted individual must be in possession or capable of possessing a security clearance of NATO Secret.
A signed Non-Disclosure Agreement will be required.
Annex A – Special Terms and Conditions
- The contractor will be responsible for complying with the respective national requirements for work permits, visas, taxes, social security, etc. whilst working on site at NATO HQ, Brussels, Belgium.
- No special status is either conferred or implied by the host organisation, NATO HQ, Brussels, Belgium, on the contractor whilst working on site.
- The contractor will be responsible for complying with all the respective National Health COVID-19 regulations for quarantine on arrival in Belgium before taking up the position.
- The candidate must have a currently active NATO SECRET security clearance.
- A university degree from a nationally recognised/certified university in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of the service provider's particular abilities or experience that are of interest to the OCIO; that is, at least 7 years of extensive and progressive expertise in the tasks related to providing cyber threat intelligence analyst services.
- Advanced level in at least three of the following areas and a high level of experience in the other areas:
- Experience analysing and synthesizing security events and incidents in a high-speed environment.
- Knowledge and experience in analysis of incidents, attack patterns and tactics, techniques, and procedures (TTPs).
- Experience supporting incident response and deeply familiar with common incident response procedures, processes, and tools.
- Experience with threat hunting, including deep knowledge of operating systems and Windows internals.
- Strong knowledge of malware families and network attack vectors.
- Applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; Windows and Linux system internals and experience threat hunting in Enterprise environments; and network forensics, including common protocols and how they are used in adversary operations.
- Applied knowledge of a variety of adversary command and control methods and protocols.
- Ability to produce contextual attack models applied to a scenario.
- Experience working in a threat intelligence team.
- Knowledge of JIRA.