Role: Active Directory Security Support
Braine-l’Alleud, Walloon Region, Belgium (On-site)
Scope of work:
The Office of the CIO (OCIO) Enterprise Cyber Security Posture Improvement project focuses on the acquisition and implementation of state-of-the-art tools to enhance Enterprise-wide cybersecurity capabilities, considering the key cybersecurity functions. The NCI Agency initiated a project and procured an Active Directory Clean-up Tool (Tenable Identity Exposure) that provides identity unification and risk scoring, detects attacks in real time, continually assesses directory services security in real time, eliminates attack paths that lead to domain domination, and serves to investigate and inform. To support NISC in the execution of the tasks identified in the subject work package of the project, the NCI Agency is looking for subject matter expertise in the delivery of complex, foundational and novel Cybersecurity capability.
The objective of this position is to provide an on-site Active Directory security support service for NATO CIS, consisting of operating and managing multiple Tenable Identity Exposure installations, monitoring the Active Directories’ security posture, developing and using automation mechanisms (scripts), investigating security events, developing mitigation measures, and supporting the remediation of the Active Directory-related security findings. Vulnerability remediation is a crucial aspect of addressing the security issues of an Active Directory infrastructure identified through a security auditing function. It involves a systematic process of assessing, prioritizing, and mitigating security vulnerabilities within the Active Directory environment.
Remediation actions are taken to address identified vulnerabilities and reduce the risk of exploitation. This may involve applying security patches released by vendors, reconfiguring systems to address misconfigurations, updating security policies and procedures, enhancing network segmentation, or implementing additional security measures such as intrusion detection systems or endpoint protection solutions. After remediation actions are implemented, the effectiveness of the remediation efforts is validated through testing and monitoring. This contract covers 3 (three) Tenable Identity installations that monitor and protect multiple Active Directory forests and directories; the required activities are described below.
Duties:
* Active Directory security operations:
    * Operate the Tenable Identity installations, in coordination with the Continuous Vulnerability Assessment and Identity and Access Management teams,
    * Monitor the events generated by Tenable Identity Exposure, and detect and support the remediation of incorrect Active Directory permission, role and group configurations,
    * Report the identified CIS security incidents following the NCIA procedure, and support the security investigations,
    * Create monthly AD security compliance reports, including the numbers of active, inactive and disabled users and service accounts,
    * Support the installation/configuration, and upgrade the Tenable Identity Exposure installations in scope of this SoW, following the NCIA change management process and using NCSC security configurations to ensure compliance of the managed networks with NATO Security Directives,
    * Support the development of mitigation and remediation plans, following the identification and assessment of cybersecurity risks for Active Directories in scope,
    * Assist with complex remediation activities for the NATO CIS in scope of this SoW; conduct remediation activities in collaboration with the NCIA Service Delivery Managers,
    * Ensure an adequate level of systems/data protection is implemented for NISC managed CIS in accordance with NATO Security policies and directives,
    * Perform all operation, support and maintenance activities described in Annex C,
    * Log and track Service and Change requests using the enterprise ticketing system (ITSM),
    * Ensure all tickets are updated with accurate and detailed information and resolved within the agreed service levels.
* Escalation:
    * Escalate complex issues to appropriate teams when necessary,
    * Follow up on escalated issues to ensure timely resolution and user satisfaction.
* Knowledge Base Management:
    * Contribute to the creation and maintenance of a knowledge base, documenting common issues and solutions,
    * Share knowledge and best practices with team members to improve overall service quality.
* Performance Monitoring:
    * Monitor support metrics and KPIs to ensure high-quality service delivery,
    * Participate in regular reviews to identify areas for improvement and implement corrective actions.
* Automation and Efficiency:
    * Develop and implement automation scripts to streamline routine support tasks such as software installations, updates, system and software checks and notifications,
    * Utilize automation to create workflows for repetitive tasks, improve service efficiency and proactively implement solutions.
* Communication and Collaboration:
    * Communicate effectively with the internal user community to understand their issues and provide clear instructions,
    * Collaborate with IT teams to resolve issues and improve service delivery.
Requirements:
* Microsoft Active Directory and PowerShell expert knowledge,
* Experience with security configurations for Active Directory-based enterprise networks,
* Knowledge of and experience with Tenable Identity Exposure,
* CIS Security Assessments (SA) remediation.
* Strong troubleshooting skills to diagnose and resolve hardware, software, and network issues,
* Ability to guide users through problem-solving steps effectively.
* Proficiency in automation to create workflows and automate repetitive processes,
* Ability to identify and implement automation opportunities to enhance efficiency.
* Communication and Interpersonal Skills:
    * Excellent verbal and written communication skills,
    * Full proficiency in English,
    * Ability to communicate technical information to non-technical users in a clear and concise manner.
* Strong customer service focus with a commitment to user satisfaction,
* Patience and empathy when dealing with user issues and concerns.
* Ability to manage multiple support tickets and prioritize tasks effectively,
* Attention to detail in documenting support activities and maintaining accurate records.
* Ability to work effectively as part of a team and share knowledge and resources,
* Willingness to collaborate with colleagues to solve complex issues.