SC2023-002740 Cyber Security Data Engineer - MISP (NS) - FRI 17 Mar
Mons, Wallonia, Belgium
Deadline Date: Friday 17 March 2023
Requirement: Cyber Security Data Engineer - MISP
Location: Mons, BE
Full time on-site: Yes
Time On-Site: 100%
NATO Grade: A/106
Total Scope of the request (hours): 1200
Required Start Date: 17 April 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Duties and Role:
Main responsibilities:
- Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems.
- Act as the Subject Matter Expert for MISP.
- Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues.
- Identify any upgrade requirements and implement new versions following relevant testing and internal change management process.
- Proactively propose system and service improvements to provide effective and efficient service operations.
- Implement approved changes.
- Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.).
- Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities.
- Organize and steer MISP User Group (MUG) whenever required but not less than twice per year.
- Act as the interface between the MN MUG and the MN MISP Steering Board to ensure the MN MISP continues to provide its expected added value to NATO and the participating nations.
- Actively participate in the wider MISP community discussions to propose and review change proposals.
- Support the SDM in providing the metrics to be integrated into wider NCSC or NCIA products, delivering second and third line support for MISP users and supporting any Root Cause Analysis (RCA) requested.
- Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensics.
- Perform technical co-ordination as required with NATO CIS authorities.
- Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level.
- Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools.
- Produce technical reports and support the production of executive level reports.
- Review security documentation and provide technical advice.
- When required, work autonomously and proactively.
Expected outcomes
Under the direction of the STMS Section Head, the incumbent shall deliver the following:
Daily:
- Report on system status, results of the health checks and details on any issues identified.
- In case of any issues, prepare a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day.
- Manage the ticket queue related to the tools under the incumbent's responsibility. The incumbent will respond to all Critical tickets within the same day. High tickets require a response by the next day at the latest. All other tickets shall be updated at least once a week.
Weekly:
- A brief summarising the current situation with ongoing tickets. It shall include any critical tickets as well as system-affecting high tickets.
- Any identified issues which took place or are anticipated in the future have to be added to the brief.
Annually:
- At least twice a year, organise a MUG conference following guidelines from the section head and the MISP SDM.
- Provide a report summarising the event and submit it to the SDM.
Performance Standards
- Timely delivery of the reports and briefs.
- The section head and/or team lead will regularly assess quality of the deliverables.
- The reports shall contain key elements such as date and time of system checks, expected outcome, observed situation.
- In case of reported issues, provide details on the 5Ws: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis).
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance
- Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience.
Mandatory
- Excellent abilities in software development/programming and code review;
- Excellent abilities in writing and reviewing scripts, mostly in Python language;
- 2 years' demonstrable experience solely in web development in PHP and/or Python;
- Very good technical understanding of the cyber threats to web-based products;
- Demonstrated experience in using API for data ingestion and tools integration;
- Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat;
- Demonstrated experience in the management and administration of SQL databases;
- Demonstrated experience in the use of APIs for data ingestion and integration;
- Understanding of service delivery management and service lifecycle.
- Working knowledge of automation technologies (Ansible)
- Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
- Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
- Ability to investigate and analyse complex scenarios and solve problems in innovative ways
- Demonstrable ability to work autonomously and proactively
Desirable
- Prior experience in the use and administration of MISP (Malware Information Sharing Platform);
- Code contributions to MISP as open source project;
- Previous experience in working in a Cyber Security field (CERTs, security office…)
- Prior experience of working in an international environment comprising both military and civilian elements;
- Experience with the technical management of Splunk as Enterprise SIEM