SC2023-002718 Senior Incident Detection Analyst Cloud Security (NS) - WED 1 Mar
Mons, Wallonia, Belgium
Deadline Date: Wednesday 1 March 2023
Requirement: Senior Incident Detection Analyst - Cloud Security
Location: Mons, BE
Full time on-site: Yes
NATO Grade: A/106
Total Scope of the request (hours): 1254
Required Start Date: 3 April 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Specific Working Conditions: Secure environment with standard working hours, with the exception of working in non-standard working hours up to 360 hours annually.
In addition, it may exceptionally be required to work non-standard hours in support of a major cyber incident, or on a shift system for a limited period of time due to urgent operational needs.
Duties & Role:
As a Senior Incident Detection Analyst (Cloud Security), the service provider will provide detailed analysis of logs and network traffic with a focus on cloud infrastructure. The successful candidate will be responsible for managing and maintaining the organisation's cloud security operations, including monitoring for and responding to security incidents.
Duties
- Provide subject matter expertise in the area of cyber security monitoring and detection within cloud infrastructure environments.
- Triage, analyse and respond to alerts originating from complex cloud infrastructure deployments and on-premise networks and security devices.
- Identify security gaps in NATO cloud security infrastructure, in addition to developing and maintaining new and existing use cases, using our on-premise SIEM solution (i.e., Splunk Enterprise Security).
- Develop processes for cloud security monitoring, including documentation of all use cases.
- Review current log collection state for NATO cloud environments, identify gaps and suggest improvements.
- Analyse threat intelligence pertinent to cloud environments to identify any new and developing security risks.
- Propose and work towards automating repetitive tasks related to cloud security monitoring and detection.
- Provide training and support to other members of the organisation on the subject of cloud security best practices and incident response procedures.
- Be flexible and support your colleagues in securing NATO networks through ad hoc tasks.
- Ensure that the organisation's cloud infrastructure and security practices comply with applicable laws, regulations, and industry standards.
Deliverables
- Provide an average of 139 hours/month working on-site, embedded in the NCSC Ops Branch located in SHAPE, Casteau, Belgium.
- Develop new alerts, searches, reports and dashboards for security monitoring and detection specific to cloud environments. Each use case must reference the MITRE ATT&CK framework.
- Triage, analyse and respond to alerts. All critical alerts will be responded to within three hours.
- The service provider is expected to take the initiative to identify detection gaps, monitor the latest threats and offer suggestions for new content to the management team. Where possible, full coverage of the MITRE ATT&CK framework is required. In some cases, it may be necessary to leverage solutions provided within the cloud environment itself.
- Provide and maintain full documentation for all cloud use cases, detailing the purpose of the use cases, how the logic functions and the actions that should be taken during an investigation.
- Develop dashboards that provide situational awareness related to the security of the organisation's cloud security infrastructure, including service KPIs and incident response metrics.
- Respond to ad hoc tasks given by the service delivery manager and cell head.
- Propose at least five security content optimisations and enhancements per week within the cloud environment.
- The service provider is expected to provide accurate and complete deliverables in accordance with internal processes.
- The service provider shall be responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
- Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period.
- For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarisation and assessment process. Delivery of the service cannot begin until this is complete.
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance.
- Comprehensive knowledge of the principles of computer and communications security including knowledge of TCP/IP networking, Windows and Linux operating systems.
- Broad understanding of common network security threats and mitigation techniques.
- Experience with security information and event management (SIEM) products, e.g. Splunk.
- Experience in analysis of network-based intrusion detection system (NIDS) events, e.g. FirePower, Palo Alto Networks Threat Prevention.
- Experience in analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances).
- Experience in network traffic capture analysis using Wireshark.
- Logical approach to analysis and ability to perform structured security investigations using large, complex datasets.
- Knowledge of endpoint detection and analysis techniques.
- Strong written and spoken communication skills.
- Ability to work independently and as part of a team.
Desirable
- Holding industry-leading certifications in the area of cyber security such as GCIA, GNFA, GCIH.
- Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT).
- Hands-on experience with Splunk Enterprise Security and/or Splunk SOAR.
- Experience with full packet capture systems, e.g. Niksun, RSA NetWitness.
- Experience with host-based intrusion detection systems (HIDS).
Tags: CERT Clearance Cloud DNS Firewalls GCIA GCIH GNFA Incident response Intrusion detection KPIs Linux Monitoring NATO Network security RSA Security Clearance SIEM SOAR SOC Splunk TCP/IP Threat intelligence Windows
Perks/benefits: Flex hours Startup environment Team events