SC2023-002717 Cyber Security Analyst 2 (NS) - FRI 19 May
Mons, Wallonia, Belgium
Deadline Date: Friday 19 May 2023
Requirement: Cyber Security Analyst 2
Location: Mons, BE
Full time on-site: Yes
Time On-Site: 100%
NATO Grade: A/97
Total Scope of the request (hours): 1100
Required Start Date: 19 June 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Specific Working Conditions: The service provider will work as part of a team to provide 24/7 year round coverage in a safe and secure environment on a shift rota basis.
NOTE: Previously proposed candidates were non-compliant for the following reasons:
- Candidate's CV demonstrates only one of the mandatory expert knowledge areas.
- Candidates during the interview showed that they lack Splunk knowledge.
- Candidate failed to respond to the screening.
- Candidate's CV does not demonstrate any of the mandatory expert knowledge areas.
- Candidates lack strong written and spoken communication skills.
- Candidate's basic technical knowledge and understanding of scenarios are not good enough.
- Candidate previously worked for NCIA and is not recommended for this job.
- Candidate's profile is more focused on infrastructure than on analysis.
- Candidate lacks Splunk experience.
Duties & Role:
As a Cyber Security Analyst, the service provider will work on shifts to perform initial triage and analysis of security alerts. The CSA will collate information about both logs and network traffic in a clear, structured format, providing remediation recommendations and first response actions where applicable. The successful candidate should be capable of working without supervision to assess alert severity and escalate when required.
2.1 Duties
The main duties as CSA will focus on:
- Triaging and investigating security alerts in Splunk Enterprise Security.
- Providing in-depth analysis of firewall, IDS, anti-virus and other network sensor events to report findings clearly.
- Enhancing investigations by leveraging the comprehensive extended toolset (e.g. Splunk, NIDS, FPC and SOAR).
- Providing analyst expertise in response to ongoing cyber security incidents.
- Supporting the end-to-end incident handling process.
- Assisting in the management of internal block lists.
- Proposing security content optimisations and enhancements that help maintain and improve NATO's Cyber Security posture.
- Assisting in onboarding and training of new team members.
- Assuming the role of security analyst shift lead, assisting with team management and prioritisation of analyst workload.
2.2 Deliverables
The main deliverables as CSA will be to:
- Provide an average of 139 hours/month working in office as part of a predetermined 24/7 shift rota.
- Triage, analyse and respond to alerts. On average 300 – 500 alerts per day are expected. All critical alerts will be responded to within three hours.
- Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents.
- Propose no fewer than five security content optimisations and enhancements per week.
- Oversee the production and release of bulletins for internal block lists, on average, three times per week.
- Review existing block lists and add new indicators of compromise to block lists, on average 20 per day.
- Create an average of two MISP events per week based on provided intelligence reports.
- Respond to ad-hoc tasks given by the service delivery manager and cell head.
- The service provider is expected to provide accurate and complete deliverables in accordance with internal processes.
- The service provider shall be responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
- Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period.
- For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarization and assessment process. Delivery of the service cannot begin until this is complete.
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance.
- Comprehensive knowledge of the principles of computer and communications security including knowledge of TCP/IP networking, Windows and Linux operating systems.
- Broad understanding of common network security threats and mitigation techniques.
- Experience with security information and event management (SIEM) products, e.g. Splunk.
- Experience in analysis of network-based intrusion detection system (NIDS) events, e.g. FirePower, Palo Alto Networks Threat Prevention.
- Experience in analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances).
- Experience in network traffic capture analysis using Wireshark.
- Logical approach to analysis and ability to perform structured security investigations using large, complex datasets.
- Knowledge of endpoint detection and analysis techniques.
- Strong written and spoken communication skills.
- Ability to work independently and as part of a team.
Desirable
- Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH.
- Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT).
- Hands on experience with Splunk Enterprise Security and/or Splunk SOAR.
- Experience with full packet capture systems, e.g. Niksun, RSA/NetWitness.
- Experience with host-based intrusion detection systems (HIDS).