SC2023-002717 Cyber Security Analyst 2 (NS) - FRI 19 May

Mons, Wallonia, Belgium

Applications have closed

Deadline Date: Friday 19 May 2023

Requirement: Cyber Security Analyst 2

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

NATO Grade: A/97

Total Scope of the request (hours): 1100

Required Start Date: 19 June 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Specific Working Conditions: The service provider will work as part of a team to provide 24/7 year round coverage in a safe and secure environment on a shift rota basis.

NOTE: Previously proposed candidates were non-compliant for the following reasons: - Candidate’s CV demonstrates only one mandatory expert knowledge areas. - Candidates during the interview showed that they lack Splunk’s knowledge - Candidate failed to respond to the Screening. - Candidate’s CV does not demonstrate any of the mandatory expert knowledge areas. - Candidates lack Strong witten and spoken communication skills - Candidate’s basic technical knowledge and understanding of scenarios are not good enough. - Candidate previously worked for NCIA and is not recommended for this job - Candidate’s profile is more focus to infrastructure than analyst. - Candidate lacks splunk experience

Duties & Role:

As a Cyber Security Analyst, the service provider will work on shifts to perform initial triage and analysis of security alerts. The CSA will collate information about both logs and network traffic in a clear, structured format, providing remediation recommendations and first response actions where applicable. The successful candidate should be capable of working without supervision to assess alert severity and escalate when required.

2.1 Duties

The main duties as CSA will focus on:

  • Triaging and investigating security alerts in Splunk Enterprise Security.
  • Providing in-depth analysis of firewall, IDS, anti-virus and other network sensor events to report findings clearly.
  • Enhancing investigations by leveraging the comprehensive extended toolset (e.g. Splunk, NIDS, FPC and SOAR).
  • Providing analyst expertise in response to ongoing cyber security incidents.
  • Supporting the end-to-end incident handling process.
  • Assisting in the management of internal block lists.
  • Proposing security content optimisations and enhancements that help maintain and improve NATO's Cyber Security posture.
  • Assisting in on boarding and training of new team members.
  • Assuming the role of security analyst shift lead, assisting with team management and prioritisation of analyst workload.

2.2 Deliverables

The main deliverables as CSA will be to:

  • Provide an average of 139 hours/month working in office as part of a predetermined 24/7 shift rota.
  • Triage, analyse and respond to alerts. On average 300 – 500 alerts per day are expected. All critical alerts will be responded to within three hours.
  • Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents.
  • Propose no fewer than five security content optimisations and enhancements per week.
  • Oversee the production and release of bulletins for internal block lists, on average, three times per week.
  • Review existing block lists and add new indicators of compromise to block lists, on average 20 per day.
  • Create an average of two MISP events per week based on provided intelligence reports.
  • Respond to ad-hoc tasks given by the service delivery manager and cell head.
  • The service provider is expected to provide accurate and complete deliverables in accordance with internal processes.
  • The service provider shall be responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
  • Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period.
  • For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarization and assessment process. Delivery of the service cannot begin until this is complete.

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance
  • Comprehensive knowledge of the principles of computer and communications security including knowledge of TCP/IP networking, Windows and Linux operating systems.
  • Broad understanding of common network security threats and mitigation techniques.
  • Experience in Security information and event management products (SIEM) – e.g. Splunk.
  • Experience in Analysis of network based intrusion detection systems (NIDS) events– e.g. FirePower, Palo Alto Network Threat Prevention.
  • Experience in Analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances).
  • Experience in Network traffic capture analysis using Wireshark.
  • Logical approach to analysis and ability to perform structured security investigations using large, complex datasets.
  • Knowledge of endpoint detection and analysis techniques.
  • Strong written and spoken communication skills.
  • Ability to work independently and as part of a team.

Desirable

  • Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH.
  • Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT).
  • Hands on experience with Splunk Enterprise Security and/or Splunk SOAR.
  • Experience in Full packet capture systems – e.g. Niksun, RSA/NetWitness.
  • Experience in Host based intrusion detection systems (HIDS).


* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: CERT Clearance DNS Firewalls GCIA GCIH GNFA IDS Incident response Intrusion detection Linux MISP NATO Network security RSA Security Clearance SIEM SOAR SOC Splunk TCP/IP Windows

Perks/benefits: Startup environment Team events

Regions: Europe North America
Countries: Belgium United States
Job stats:  7  1  0
Category: Analyst Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.