NATO offers you more than a job. It gives you a mission: building peace and security for one billion people in Europe and North America. The NATO Communications & Information Agency is leading NATO’s Digital Endeavour. We are NATO’s technology and cyber leaders, helping NATO Nations to communicate and work together in smarter ways. Our work is challenging and meaningful, and you will develop and apply your expertise as part of a dynamic international team of civilian and military professionals.
What do we offer?
· Genuinely meaningful work as part of the most successful alliance in history.
· 3-year contract with competitive tax-free salary and household and children’s allowances
· Privileges for expatriate staff including expatriation and education allowances (where appropriate) and additional home leave
· Excellent private health insurance scheme
· Generous annual leave of 30 days plus official holidays
· Pension Scheme
About the job
Based in Mons, Belgium you will join the Agency as we embark on a journey to transform our IT services to support NATO’s Digital Endeavour.
The NATO Cyber Security Centre (NCSC) is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS).
The Network Monitoring and Incident Detection Cell (NMIDC) is responsible for 24/7 monitoring of NATO and NATO supported networks in order to identify, analyse and mitigate security threats. The cell performs the initial triage of security events and delivers technical assessments in addition to continuously improving the accuracy and efficiency of the detection capability through regular tuning and sensor optimisation.
You will work alongside a team of Security Analysts to proactively detect cyber security attacks against NATO networks. The role will involve researching and reacting to the latest threats, using industry leading tools to discover new and ongoing attacks. You will provide subject matter expertise supporting the end-to-end threat hunting process, develop hypotheses to be used in a threat hunt, create security tool content such as searches, reports and dashboards to facilitate threat hunting, develop and document threat hunting procedures and train and mentor team members on technical subjects.
For a full list of duties, please review the job description here.
About you
We are looking for a talented and knowledgeable Senior Engineer (Cyber Security Operations) with a Bachelor’s degree and 3 years of post-related experience.
A different qualification coupled with particularly relevant experience may also be considered.
You should also have:
· Comprehensive knowledge of the principles of Computer and Communication Security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience
· Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
· Knowledge of the TaHiTI threat hunting methodology and the MITRE ATT&CK framework
· Strong analytical and problem-solving abilities, ability to identify patterns, detect anomalies and make accurate, informed decisions
· Experience in performing in-depth cyber security analysis in large, complex networks using security use cases, relevant datasets, and documentation
· Expertise in at least three of the following areas and a high level of experience in several of the other areas:
✓ Cyber security threat hunting
✓ Security Incidents Event Management products (SIEM) – e.g. Splunk
✓ Splunk Processing Language
✓ Network Based Intrusion Detection Systems (NIDS)
✓ Host Based Intrusion Detection Systems (HIDS)
✓ Endpoint Detection and Response tools and their telemetry
✓ Sysmon configuration, Windows, and Linux log analysis
✓ Full Packet Capture systems – e.g. Niksun, RSA/NetWitness
✓ Data visualisation and statistical analysis
✓ Computer security tools (Vulnerability Assessment, Anti-Virus, Protocol Analysis, Anti-Spyware, etc.)
· Proficiency in Intrusion/Incident Detection and Handling
· Very good communications skills and reporting experience with capacity to communicate to different types of audience (senior executive, middle management, technical and non-technical)
Knowledge of English, both written and spoken, is essential.
To learn more about NCI Agency and our work, please visit our website.
The NATO Communications and Information Agency (NCI Agency) will not accept applications prepared, in whole or in part, by means of generative artificial-intelligence (AI) tools, including and without limitation to chatbots, such as Chat Generative Pre-trained Transformer (Chat GPT), or other language generating tools. All applications prepared, in whole or in part, by means of such generative or creative AI applications may be rejected without further consideration at the sole discretion of the NCI Agency.
Please note that ALL SELECTED CANDIDATES, with the exception of currently employed NATO International Civilians (NICs), will be appointed at the first Increment of the indicated NATO Grade, i.e. NATO Grade X, Increment 1. This is the salary referred to in this vacancy notice. Extra increments can only be considered for candidates from another Co-Ordinated Organisation.
Selected candidates who are not nationals of the host country and who have not been continuously resident in the host country for at least one year may be eligible for an expatriate allowance. For the purposes of determining continuous residence, NATO considers mainly the work location at the time recruitment started, independent of whether various ties were kept with the home country. For more information on our allowances click here.
All selected candidates are required to complete a Security Clearance, Medical Clearance and Pre-employment Screening process before joining the NCI Agency. This process will require time, so please keep in mind that you will not be able to start working with us right away.