
SC2023-002994 Cyber Security Senior Automation (NS) - WED 9 Aug

Deadline Date: 09 August 2023

Requirement Title: (ex-SC2022/002067) Cyber Security Senior Automation Specialist

Location: Mons, BE

Full time on-site: Yes

NATO Grade: A/115

Total Scope of the request (hours): 570

Required Start Date: 20-SEP-2023

End Contract Date: 31-DEC-2023

Required Security Clearance: NATO Secret

Duties and Role

The incumbent will provide technical subject matter expertise for the automation of incident detection and response, business reporting, and situational awareness as a member of the Cyber Security Service Line. In addition to the main responsibilities, when required, the incumbent will also provide subject matter expertise in support of projects and exercises.

Main responsibilities:

  • Create automated detection and response capabilities using SIEM, SOAR and other available toolsets.
  • Develop tools, scripts, and integrations to automate activities as much as possible, mostly using Splunk SOAR, Python, Bash and PowerShell.
  • Develop and maintain SOAR playbooks.
  • Develop and maintain custom Splunk SOAR Apps.
  • Create and optimize SIEM content based on use cases provided by other team members as requested.
  • Create dashboards and reports for situational awareness purposes.
  • Create technical reports for business and performance reporting.
  • Share business information with stakeholders via dashboards and technical reports.
  • Support project activities as end user representative for the team when needed.
  • Propose possible optimisations and enhancements to both maintain and improve NATO's Cyber Security posture.
  • Support threat hunting activities by gathering and correlating data using multiple resources.
  • Identify and track temporary deficiencies in security tool posture for situational awareness purposes.
  • Participate in, or support, a Cyber Security Response Team designated to provide Cyber Security Incident Response at one or multiple physical locations, including NATO Alliance Operations and Missions.

Specific Working Conditions:

Normal office conditions in a secure environment with standard working hours, with the exception of working in non-standard working hours up to 360 hours annually. In addition it may exceptionally be required to work non-standard hours in support of a major Cyber Incident, or on a shift system for a limited period of time due to urgent operational needs.

Requirements

  • NATO Secret Security clearance
  • A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 7 years extensive and progressive expertise in the duties related to the function of the post.

Mandatory:

  • Expert knowledge and demonstrable experience in scripting, automation, playbook development, and integration with tools including Python, PowerShell and Bash.
  • Experience working with APIs.
  • Linux Experience.
  • Good understanding of cyber security event triage, analysis and response.
  • Good understanding of the network security devices and log sources used in SIEM.

Desirable:

  • Knowledge of Splunk Processing Language
  • Knowledge and experience with Splunk ES suite.
  • Experience administering SOAR systems.
  • Demonstrable experience in cyber security event triage, analysis and response.
  • Industry leading certification in the area of programming or cybersecurity.
  • A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
