Job Description
EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent experience
- 3+ years of experience in IT security, with a focus on System Administration and Security Tools Management in large organisations
- Strong understanding of security best practices
- Expert level in at least three of the following areas and a high level of experience in several of the other areas:
  - Security Information and Event Management (SIEM) products, e.g. Splunk
  - Network Based Intrusion Detection Systems (NIDS), e.g. Sourcefire, Palo Alto Networks Threat Prevention
  - Host Based Intrusion Detection Systems (HIDS)
  - Full Packet Capture systems, e.g. Niksun, RSA/NetWitness
  - A variety of security event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
  - Cloud-specific security tools
  - Splunk ES suite and Phantom SOAR
- Proficiency in Intrusion/Incident Detection and Handling
- Expert knowledge of malware families, network attack vectors and threat actor tools, techniques and procedures
- Experience in endpoint detection and analysis techniques
- Expert knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
- Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
- Very good communication skills and reporting experience, with the capacity to communicate to different types of audience (senior executive, middle management, technical and non-technical)
- Very good understanding of the principles of Computer and Communication Security, networking, and the vulnerabilities of modern operating systems and applications, acquired through a blend of academic or professional training coupled with practical professional experience
Desirable Qualifications/Experience:
- Experience of working with NATO
- Experience of working with the NATO Communications and Information Agency
- Experience of working with national Defence or Government entities
DUTIES/ROLE:
- Conduct detailed investigation and research of security events within the NATO Cyber Security Centre (NCSC) team:
  - Analyse firewall, IDS, anti-virus and other sensor-produced system security events and present findings
  - Leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc.) to identify malicious activity
  - Outcome:
    - Triage, analysis and response to alerts
    - Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents
- Develop new Splunk alerts, searches and reports for security monitoring and detection:
  - Identify security gaps in NATO infrastructure; develop, update and review custom content utilising the available toolset
  - Outcome:
    - 5 new use cases per month
    - Propose possible optimisations and enhancements which help to maintain and improve NATO's Cyber Security posture
- Collaborate with threat intelligence teams to incorporate threat indicators into detection systems:
  - Work closely with the threat intelligence team to integrate the latest Indicators of Compromise (IOCs) and attack techniques into the detection environment
  - Outcome:
    - Implementation of at least 3 new threat intelligence-driven detections per quarter to stay ahead of emerging threats
- Develop and maintain standard operating procedures (SOPs) and playbooks for incident detection and response:
  - Ensure documentation is up to date and provides clear guidance for responding to common attack scenarios
  - Outcome:
    - Delivery of updated SOPs and playbooks quarterly, ensuring they reflect the latest threat landscape and detection capabilities
- Produce briefings in Microsoft PowerPoint or Word format to provide detailed technical reports in support of incidents and capability improvements:
  - Outcome:
    - Report and/or briefing for the management team containing details on the detection capabilities and scope. This may be requested in Word, PowerPoint, or both, depending on the briefing
- Review reports and observables from threat hunting, red teaming, and purple teaming activities:
  - Outcome:
    - Detection gap analysis and recommendations for solutions, subsequently leading on the development, testing and implementation
- Brainstorm during weekly meetings with the rest of the Monitoring and Detection Team on how to improve detection capability and increase detection coverage:
  - Outcome:
    - Participation in meetings, as reported and tracked in the meeting minutes, which need to be prepared before the meeting and updated during the meeting (Confluence)