SC2023-002719 Cyber Security Sr Automation Specialist (NS) - THU 29 Jun RELAUNCH

Deadline Date: Thursday 29 June 2023

Requirement: Cyber Security Senior Automation Specialist

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

NATO Grade: A3/115

Total Scope of the request (hours): 1100

Required Start Date: 14 August 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

NOTE: Previously proposed candidates were non-compliant for the following reasons:

  • Candidate did not demonstrate required automation and conceptual automation understanding during the interview (playbook, use case, correlation search and event).
  • Candidate never responded to the rescheduling of the interview after canceling the interview on short notice.
  • Candidate previously worked for NCIA and is not recommended for this job.
  • Candidate doesn't have enough Automation experience, only experience in managing automation tools, not using them.
  • Candidate, during the interview, demonstrated a lack of automation experience, and communication was bad.
  • Candidate's CV does not show any automation experience and any programming experience.
  • Candidate has too many discrepancies in his/her CV.

Specific Working Conditions: Secure environment with standard working hours, with the exception of working in non-standard working hours up to 360 hours annually.

In addition, it may exceptionally be required to work non-standard hours in support of a major Cyber Incident, or on a shift system for a limited period of time due to urgent operational needs.

Duties & Role:

As a Cyber Security Senior Automation Specialist, the service provider will provide technical subject matter expertise for the development of automation tools in support of NCSC Operations branch. In addition, the service provider will support projects and exercises when required.

Duties

The main duties as CSSAS will be to:

  • Develop tools, scripts, automation and integrations to automate complex cyber security activities, primarily using Splunk SOAR, Python, Bash and PowerShell.
  • Maintain and develop existing Splunk SOAR playbooks.
  • Use automation tools to leverage third party intelligence resources and APIs.
  • Manage and create documentation related to automation tools.
  • Work closely with other teams and personnel within NCSC to identify and design new automation capabilities and procedural workflows.
  • Create dashboards and reports for situational security awareness purposes and business performance reporting.
  • Identify, report and track misconfigurations in security tools.
  • Support project activities and the wider operational teams as required.

Deliverables

The main deliverables will be:

  • The provider shall develop and maintain automation tools and playbooks that save NCSC Ops branch at least 3000 hours per annum. Once this initial automation capability is delivered, the provider shall maintain it, make updates as requested, and further mature the Ops branch automation capability by providing new automation tools and playbooks every month that save NCSC Ops 100 hours per annum.
  • The provider shall implement useful, custom automation playbooks for each deployed detection use case.
  • The provider shall liaise with security tools managers to deploy and configure new apps or tools, and be responsible for following the change process related to delivery of this service.
  • The provider shall maintain and update existing automation playbooks and documentation. Issues with automation tools supporting critical alerts shall be resolved within one working day and expected availability of automation playbooks is 99%.
  • The provider shall respond to new automation requests with development plans, including an estimation of the development and maintenance time required, so that the return on investment can be estimated and management approval obtained before resources are directed towards the development.
  • For coordination purposes and due to the access required, the provider of this service shall work onsite, at SHAPE, Mons, Belgium.
  • Work with NCSC Ops branch to identify and propose new automation solutions and improvements.
  • Respond to ad-hoc tasks given by the service delivery manager and cell head.
  • The service provider is expected to provide high quality deliverables in accordance with internal processes.
  • The service provider shall be responsible for complying with all applicable local employment laws, in addition to following all SHAPE & NCIA onboarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.
  • Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period.
  • For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarization and assessment process. Delivery of the service cannot begin until this is complete.

Requirements

Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance.
  • Strong knowledge of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
  • Strong knowledge and demonstrable experience with scripting languages and integration tools including Python, PowerShell and Bash.
  • Hands-on experience with Splunk ES suite and Splunk SOAR (experience with other SOAR systems will also be considered).
  • Good understanding of cyber security event triage, analysis and response.
  • Good understanding of the network security devices and log sources used in SIEM.
  • Good understanding of network communication protocols.

Desirable

  • Expert level of knowledge and demonstrable experience with Splunk ES suite and Phantom SOAR.
  • Expert level of knowledge and demonstrable experience with the Python scripting language and related frameworks.
  • Strong understanding of Git.
  • Industry leading certification in the area of cyber security.
