SC2023-002740 Cyber Security Data Engineer - MISP (NS) - FRI 17 Mar

Mons, Wallonia, Belgium

Applications have closed

Deadline Date: Friday 17 March 2023

Requirement: Cyber Security Data Engineer - MISP

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

NATO Grade: A/106

Total Scope of the request (hours): 1200

Required Start Date: 17 April 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

Main responsibilities:

  • Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems.
  • Act as the Subject Matter Expert for MISP.
  • Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues.
  • Identify any upgrade requirements and implement new versions following relevant testing and internal change management process.
  • Proactively propose system and service improvements to provide effective and efficient service operations.
  • Implement approved changes.
  • Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.).
  • Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities.
  • Organize and steer MISP User Group (MUG) whenever required but not less than twice per year.
  • Act as the interface between the MN MUG and the MN MISP Steering Board to ensure the MN MISP continues to provide its expected added value to NATO and the participating nations.
  • Actively participate in the wider MISP community discussions to propose and review change proposals.
  • Support the SDM in providing the metrics to be integrated into wider NCSC or NCIA products, delivering second and third line support for MISP users and supporting any Root Cause Analysis (RCA) requested.
  • Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensics.
  • Perform technical co-ordination as required with NATO CIS authorities.
  • Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level.
  • Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools.
  • Produce technical reports and support the production of executive level reports.
  • Review security documentation and provide technical advice.
  • When required, work autonomously and proactively.

Expected outcomes

Under the direction of the STMS Section Head, the incumbent shall deliver the following:

Daily:

  • Report on system status, results of the health checks and details on any issues identified.
  • In case of any issues, prepare a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day.
  • Manage the ticket queue related to the tools under the incumbent's responsibility. The incumbent will respond to all Critical tickets within the same day. High tickets require a response by the next day at the latest. All other tickets shall be updated at least once a week.

Weekly:

  • A brief summarising the current situation with ongoing tickets. It shall include any critical tickets as well as system-affecting high tickets.
  • Any identified issues, whether they have already taken place or are anticipated in the future, have to be added to the brief.

Annually:

  • At least twice a year, organise a MUG conference following guidelines from the section head and the MISP SDM.
  • Provide a report summarising the event and submit it to the SDM.

Performance Standards

  • Timely delivery of the reports and briefs.
  • The section head and/or team lead will regularly assess quality of the deliverables.
  • The reports shall contain key elements such as the date and time of system checks, the expected outcome and the observed situation.
  • In case of reported issues provide details on 5W: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis).

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance.
  • Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience.

Mandatory

  • Excellent abilities in software development/programming and code review;
  • Excellent abilities in writing and reviewing scripts, mostly in the Python language;
  • 2 years' demonstrable experience solely in web development in PHP and/or Python;
  • Very good technical understanding of the cyber threats to web-based products;
  • Demonstrated experience in using APIs for data ingestion and tool integration;
  • Demonstrated experience in Linux/UNIX systems administration, preferably with RedHat;
  • Demonstrated experience in the management and administration of SQL databases;
  • Demonstrated experience in the use of APIs for data ingestion and integration;
  • Understanding of service delivery management and the service lifecycle;
  • Working knowledge of automation technologies (Ansible);
  • Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications;
  • Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams;
  • Ability to investigate and analyse complex scenarios and solve problems in innovative ways;
  • Demonstrable ability to work autonomously and proactively.

Desirable

  • Prior experience in the use and administration of MISP (Malware Information Sharing Platform);
  • Code contributions to MISP as open source project;
  • Previous experience in working in a Cyber Security field (CERTs, security office…);
  • Prior experience of working in an international environment comprising both military and civilian elements;
  • Experience with the technical management of Splunk as an Enterprise SIEM.
