SC2023-002701 IT Analyst- Cloud-Based Ext. Attack Surface Mgmt. (NS)- TUE 21 FEB
Mons, Wallonia, Belgium
Deadline Date: 21-FEB-2023
Requirement Title: IT Analyst- Cloud-Based External Attack Surface Management
Location: Mons, BE
Full time on-site: Yes
NATO Grade: A/86
Total Scope of the request (hours): 1372
Required Start Date: 20-MAR-2023
End Contract Date: 31-DEC-2023
Required Security Clearance: NATO Secret
Duties and Role
Under the direction of the NCSC Security Compliance (OVA) Cell Head/Service Delivery Manager, the incumbent shall execute following tasks:
- On a daily basis, monitor and analyse EASM data to identify and respond to potential threat.
- Configure and maintain the cloud-based EASM tool including the process to authorize users to access the EASM tool.
- Collaborate with other members of the NATO Security Teams to ensure the protection of enterprise assets.
- Ensure remediation and mitigations recommendations are compliant with relevant NATO standards and regulations.
- Stay current with emerging security threats and technologies.
- Actively engage in the remediation process, follow its progress and report on it.
- Weekly / Monthly report with the found vulnerabilities, remediation actions taken and status. • Keep an up-to-date list of POC responsible of internet facing services.
- Perform the reporting tasks on the NATO High Side network (note: the NATO High Side network is not accessible from outside the NCSC premises perimeter)
Deliverables and Expected Outcomes:
Under the direction of the NCSC Security Compliance (OVA) Cell Head/Service Delivery Manager, the incumbent shall deliver the following:
- Daily: maintain a comprehensive list of all vulnerabilities being taken care of, along with their remediation or mitigation status. The dataset shall be updated no later than 2 working days after the notification of a change is received.
- Weekly: deliver a comprehensive vulnerability report the SDM and SAO, taking into account all vulnerabilities posing a security risk to the monitored organization, remediation actions recommended to the system/application owners and the status of the recommended actions. The weekly report is expected to be delivered each first working day of a calendar week, before Close of Business. No weekly report is due if that week does not include any working day (for instance: long official holidays such as Christmas break).
- Monthly: deliver vulnerability report to the SDM and SAO, with an overview of the critical/high vulnerabilities identified, the status of the recommended actions to show in a graphic way the trend of the security posture of the internet facing services. The monthly report is expected to be delivered within 5 working days after the last working day of the past month.
- Yearly: deliver a report to the SDM and SAO, with a summary of all events and actions that occurred during the year. The yearly report is expected to be delivered within 15 working days after the last working day of the past year.
Performance Standards
- Timely delivery of the reports as specified on the deliverables and expected outcomes Section.
- Quality of the content of the reports will be assessed regularly by the SDM / SAO.
- The reports shall contain key elements of the vulnerabilities identified, systems affected, time of discovery of the vulnerability, time of communicating the vulnerability to the system/application owners, status of the actions recommended to mitigate/remediate the identified vulnerability together with any other relevant information that will provide an additional value to the report.
Requirements
Skill, Knowledge & Experience:
- NATO Secret Clearance
- Bachelor's degree in Computer Science, Information Technology, or related field Or equivalent experience
- 3+ years of experience in IT security, with a focus on Security Audit and / or Security Assessment of large organisation
- Strong understanding of security best practices and experience with cloud-based infrastructure
- Knowledge of relevant NATO standards and regulations
- Strong analytical and problem-solving skills
- Excellent communication and collaboration skills
- The incumbent shall be able to understand and interpret the outcomes of security audit reports (NATO high side network).
- Experience with threat intelligence, incident response and remediation a plus
- Knowledge of NATO organization and its IT infrastructure is a plus
- Certifications such as CISSP, CISM, or CISA is a plus.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CISA CISM CISSP Clearance Cloud Compliance Computer Science Incident response IT infrastructure NATO Security assessment Security Clearance Threat intelligence Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs