L2 security event analyst - Sparagus - Mons
Sparagus
Région
Mons
Title:
4854-0 Second line security event analyst
Location:
Mons
Duration:
836 Hours, November 23, 20 20 – December 31, 20 20
Deadline:
October 27 , 20 20
NATO Clearance:
NATO level C O S M I C T O P S E C R E T
Evaluation by:
Lowest Price Technically Compliant (LPTC)
Incumbent:
No
Duties/Roles:
As Second Line Security Event Analyst (SLSEA), the incumbent will provide detailed analysis of logs and network traffic and making security event determinations on alarm severity delivering second level investigation and remediation activities as member of the Cyber Security Service Line.
Main responsibilities: Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team ;
Provide analysis of firewall, IDS, anti-virus and other network sensor produced system security events and present findings
Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity.
Be able to recommend improvements to enable enhancing investigations
Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process;
Propose possible optimisations and enhancement which help to both maintain and improve NATO’s Cyber Security posture
Skills:
A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 6 years extensive and progressive expertise in the duties related to the function of the post.
Mandatory
Expert level in at least three of the following areas and a high level of experience in several of the other areas;
Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.
Desirable
Industry leading certification in the area of Cybersecurity such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC.
A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
Prior experience of working in an international environment comprising both military and civilian elements
4854-0 Second line security event analyst
Location:
Mons
Duration:
836 Hours, November 23, 20 20 – December 31, 20 20
Deadline:
October 27 , 20 20
NATO Clearance:
NATO level C O S M I C T O P S E C R E T
Evaluation by:
Lowest Price Technically Compliant (LPTC)
Incumbent:
No
Duties/Roles:
As Second Line Security Event Analyst (SLSEA), the incumbent will provide detailed analysis of logs and network traffic and making security event determinations on alarm severity delivering second level investigation and remediation activities as member of the Cyber Security Service Line.
Main responsibilities: Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team ;
Provide analysis of firewall, IDS, anti-virus and other network sensor produced system security events and present findings
Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity.
Be able to recommend improvements to enable enhancing investigations
Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process;
Propose possible optimisations and enhancement which help to both maintain and improve NATO’s Cyber Security posture
Skills:
A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCI Agency; that is, at least 6 years extensive and progressive expertise in the duties related to the function of the post.
Mandatory
Expert level in at least three of the following areas and a high level of experience in several of the other areas;
- Security Incidents Event Management products (SIEM) – e.g. ArcSight, Splunk,
- Network Based Intrusion Detection Systems (NIDS) – e.g. SourceFire, Palo Alto Network Threat Prevention
- Host Based Intrusion Detection Systems (HIDS)
- Full Packet Capture systems – e.g. Niksun, RSA/NetWitness,
- A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
- Computer forensics tools (stand alone, online and network)
- Computer incident response centre (CIRT), computer emergency response team (CERT)
- Computer security tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Virus, Protocol Analysis, Anti-Spyware, etc)
- Secure web design and development
- Military communication systems and networks
Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.
Desirable
Industry leading certification in the area of Cybersecurity such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC.
A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
Prior experience of working in an international environment comprising both military and civilian elements