NATO offers you more than a job. It gives you a mission: building peace and security for one billion people in Europe and North America. The NATO Communications & Information Agency is leading NATO’s Digital Endeavour. We are NATO’s technology and cyber leaders, helping NATO Nations to communicate and work together in smarter ways. Our work is challenging and meaningful, and you will develop and apply your expertise as part of a dynamic international team of civilian and military professionals.

What do we offer?

• Genuinely meaningful work as part of the most successful alliance in history
• 3 year contract with competitive tax-free salary and household and children’s allowances
• Privileges for expatriate staff including expatriation and education allowances (where appropriate) and additional home leave
• Excellent private health insurance scheme
• Generous annual leave of 30 days plus official holidays
• Pension Scheme

About the job

Based in Mons, Belgium you will join the Agency as we embark on a journey to transform our IT services to support NATO’s Digital Endeavour.

The NATO Cyber Security Centre (NCSC) is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS).

The Security Tools Management Services (STMS) Section is responsible for delivering centrally managed security tools for internal and external users, as well as providing expert guidance for the implementation, configuration and management of NATO Enterprise-wide endpoint security software. The services, mainly in the form of Software-as-a-Service, provided by the section are enabling the core services delivered by NCSC branches as well as the endpoint protection of NATO static, Alliance Operations, and Missions footprints.

The Cyber Security Data team is delivering Cyber Defence Situational Awareness (CDSA), Malware Information Sharing Platform (MISP), Security Incident Event Management (SIEM) and Log Aggregation (LogA) services (further referred as data security systems). The SIEM and LogA components responsible for log and data collection will be further referred as log collection systems.

You will act as the Chief Technician and Subject Matter Expert (SME) for log collection systems within the Cyber Security Data team and manage multiple types, formats and quantities of data feeds to ensure established events and alerts are ingested from various log sources across NATO networks into the NCSC central security logging platform. You will provide advice and technical assistance to other stakeholders, maintain technical expertise, awareness, and developments in related new technologies, coordinate activities with log source providers at remote sites to ensure that data and logs are received into the NCSC central logging platform and provide support to Operations and Service Delivery management covering all stages of the log collection systems lifecycle with the emphasis on the log collection aspects.

For a full list of duties, please review the job description here .

About you

We are looking for a talented and knowledgeable Chief Technician (Cyber Security Data – Log Specialist) with Higher vocational training in a relevant discipline and 4 years of post-related experience.

A different qualification coupled with particularly relevant experience may also be considered.

You should also have:

• At least 1 year of extensive practical experience as Splunk administrator (deployment, installation, configuration and maintenance)
• Extensive hands on experience in regular expressions
• Extensive experience with on-boarding and managing data feeds within a SIEM environment. Practical experience in designing solutions to ingest new data feeds into SIEM
• At least 2 years expert level experience related to SIEM/LogA management activities
• Demonstrable experience of analyzing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviors
• Practical hands-on experience in systems and tools administration, especially Linux environment
• Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications
• Practical skills in writing Bash, Python or Ansible scripts to support repetitive tasks automation
• Linux system and application administration and troubleshooting
• Ability to develop clear and concise technical documentation, including procedures
• Demonstrable ability to work autonomously and proactively, to understand the chain of command and to follow internal processes
• Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams

Knowledge of English, both written and spoken, is essential.

Please note that internally the job title is Chief Technician (Cyber Security).

To learn more about NCI Agency and our work, please visit our website.

Please note that ALL SELECTED CANDIDATES, with the exception of currently employed NATO International Civilians (NIC’s) will be appointed at the first Increment of the indicated NATO Grade, i.e. NATO Grade X, Increment 1.This is the salary referred to in this vacancy notice. Extra increments can only be considered for candidates from another Co-Ordinated Organisation.

Selected candidates who are not nationals of the host country and who have not been continuously resident in the host country for at least one year may be eligible for an expatriate allowance. For the purposes of determining continuous residence, NATO considers mainly the work location at the time recruitment started, independent of whether various ties were kept with the home country. For more information on our allowances click here.

All selected candidates are required to complete a Security Clearance, Medical Clearance and Pre-employment Screening process before joining the NCI Agency. This process will require time, so please keep in mind that you will not be able to start working with us right away.