Cyber Security Data Engineer - MISP (NS)

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We seek personnel to join our team and support key client projects.

Whom We Are Supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems that NATO's military commanders use to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA is critical in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains, and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV and, when required, stand together in the face of attack under Article V.

To provide these critical services in the modern, evolving, dynamic environment, the NCI Agency must build and maintain a high-performance-engaged workforce. The NCI Agency workforce strategically consists of three major categories: NATO International Civilians (NIC)s, Military (Mil), and Interim Workforce Consultants (IWC)s. The IWCs are a critical part of the overall NCI Agency workforce and comprise approximately 15 percent of the workforce.

Duties and Role:

Main responsibilities:

• Install, deploy, monitor, maintain, configure and keep in operational conditions the Malware Information Sharing Platform (MISP) systems.
• Act as the Subject Matter Expert for MISP.
• Troubleshoot identified issues, liaise with other stakeholders and co-ordinate resolution of those issues.
• Identify any upgrade requirements and implement new versions following relevant testing and internal change management process.
• Proactively propose system and service improvements to provide effective and efficient service operations.
• Implement approved changes following extensive tests in pre- production environment
• Deliver new and improve existing documentation on MISP service related processes, setup, integrations and customized scripting in the environment.
• Collaborate with other stakeholders supporting project related activities (new implementations, system upgrades/changes, etc.).
• Ensure the level of security (Confidentiality, Integrity, and Availability) meets or exceeds the minimum-security requirements defined by NATO security authorities.
• Help in the organization of the MISP User Group (MUG) whenever required, supporting the internal MISP engineer.
• Actively participate in the wider MISP community discussions to propose and review change proposals.
• Support the MISP Lead engineer and Service Delivery Manager (SDM)in providing the metrics to be integrated into wider NCSC or NCIA products , delivering second and third line support for MISP users and supporting any Root Cause Analysis (RCA) requested.
• Occasionally provide support to the rest of the section with the maintenance of other specialized tools such as Security Incident and Event Management, Vulnerability Assessment and Computer Forensic.
• Perform technical co-ordination as required with NATO CIS authorities.
• Produce metrics to be integrated into wider NCSC or NCI Agency products that are being delivered up to NATO executive management level.
• Maintain awareness of new technologies and developments, industry standards and best practices within the wider IA community and provide support for the selection of new cyber tools.
• Produce technical reports and support the production of executive level reports.
• Review security documentation and provide technical advice.
• When required work autonomously and proactively.

Expected outcomes

Daily:

• Work in close collaboration with the MISP Service Delivery Manager (SDM) and the MISP Lead Engineer on assigned tasks and upcoming deliverables
• Report on system status, results of the health checks and details on any issues identified.
• In case of any issues, preparation of a resolution plan and any applicable mitigations. The initial plan has to be prepared within 1 working day.
• Manage the ticket queue related to the tools under incumbent's responsibility. The incumbent will respond to all Critical within the same day. High tickets require a response the next day the latest. All other tickets shall be updated at least once a week.

Weekly:

• A brief summary of current situation with ongoing tickets. It shall include: any critical as well as system affecting high tickets; any identified issues, already present or expected in the future.

Performance Standards

• Timely delivery of the reports and briefs.
• The section head, SDM and/or team lead will regularly assess quality of the deliverables.
• The reports shall contain key elements such as date and time of system checks, expected outcome, observed situation.
• In case of reported issues provide details on 5W: who (is affected), what (happened), when (day/time), where (which systems), why (any supporting details, potential hypothesis).

Requirements

Skill, Knowledge & Experience:

• Essential to have a Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience in Cyber Security related post as a Security Engineer or similar position, or a Secondary education and completed advanced vocational education (leading to a professional qualification or professional accreditation) with 5 years post related experience.

Mandatory

• Excellent abilities in software development/programming and code review;
• Excellent abilities in writing and reviewing scripts, mostly in Python language;
• 2 year's demonstrable experience solely in web development in PHP and/or Python;
• Very good technical understanding of the cyber threats to web-based products;
• Demonstrated experience in using API for data ingestion and tools integration;
• Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat;
• Demonstrated experience in the management and administration of SQL databases;
• Demonstrated experience in the use of APIs for data ingestion and integration;
• Understanding of service delivery management and service lifecycle.
• Working knowledge of automation technologies (Ansible)
• Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
• Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
• Ability to investigate and analyse complex scenarios and solve problems in innovative ways
• Demonstrable ability to work autonomously and proactively

Desirable

• Prior experience in the use and administration of MISP (Malware Information Sharing Platform);
• Code contributions to MISP as open source project;
• Previous experience in working in a Cyber Security field (CERTs, security office,…)
• Prior experience of working in an international environment comprising both military and civilian elements;
• Experience with the technical management of Splunk as Enterprise SIEM

Working Policy

• Onsite

Travel

• Travel to other NATO location may be required

Security Clearance

• Must have a currently active NATO SECRET security clearance

Contract Duration

• Required Start Date: 6 November 2023
• End Contract Date: 31 December 2023 (with potential extension)

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.