SC2022-002067 Cyber Security Senior Automation Specialist (NS) TUE 16 MAY

NOTE: This is a sole source RFQ. Candidate resumes will be submitted as we receive them.

DEADLINE DATE: TUESDAY 16 MAY 2023

Requirement Title: Cyber Security Senior Automation Specialist

Work Location: Mons, BE

Full time on-site: Yes

Equivalent NATO Grade: A3/118

Total Scope of the request (hours): 976

Required Start Date: 1 June 2023 (or closest available date)

Specific Working Conditions: Normal office conditions in a secure environment with standard working hours, with the exception of working non-standard hours up to 360 hours annually. In addition, it may exceptionally be required to work non-standard hours in support of a major Cyber Incident, or on a shift system for a limited period of time due to urgent operational needs.

Required Security Clearance: NATO Secret

The incumbent will provide technical subject matter expertise for the automation of incident detection and response, business reporting and situational awareness as a member of the Cyber Security Service Line.

In addition to the main responsibilities, the incumbent will also be the focal subject matter expert for project and exercise support activities within the team.

Main responsibilities:

  • Create automated detection and response capabilities using SIEM, SOAR and other available tools.
  • Develop tools, scripting, automation and integrations to automate activities as much as possible, mostly using Splunk Phantom, Python, Bash and PowerShell.
  • Develop and maintain SOAR playbooks.
  • Create and optimize SIEM content based on use cases provided by other team members as requested.
  • Create dashboards and reports for situational awareness purposes.
  • Create technical reports for business and performance reporting.
  • Share business information with stakeholders via dashboards and technical reports.
  • Support project activities as end user representative for the team when needed.
  • Propose possible optimisations and enhancements to both maintain and improve NATO's Cyber Security posture.
  • Support threat hunting activities by gathering and correlating data using multiple resources.
  • Identify and track temporary deficiencies in security tool posture for situational awareness purposes.
  • Participate in, or support, a Cyber Security Response Team designated to provide Cyber Security Incident Response at one or multiple physical locations, including NATO Alliance Operations and Missions.

Requirements

  • Required Security Clearance: NATO Secret
  • A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience.
  • Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in the duties related to the function of the post.

Mandatory Skill, Knowledge & Experience:

  • Detailed knowledge of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
  • Detailed knowledge of, and demonstrable experience with, scripting languages and integration tools including Python, PowerShell and Bash.
  • Hands-on experience with Splunk ES suite and Phantom SOAR.
  • Good understanding of cyber security event triage, analysis and response.
  • Good understanding of the network security devices and log sources used in SIEM.
  • Good understanding of communication mechanisms on modern internet-facing systems.

Desirable

  • Expert level of knowledge and demonstrable experience with Splunk ES suite and Phantom SOAR.
  • Expert level of knowledge and demonstrable experience with the Python scripting language and related frameworks.
  • Demonstrable experience with cyber security event triage, analysis and response.
  • Industry-leading certification in the area of Cybersecurity.
  • A solid understanding of Information Security practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
